ID de Prueba:	1.3.6.1.4.1.25623.1.0.804412
Categoría:	Web application abuses
Título:	ownCloud Multiple XSS and SQL Injection Vulnerabilities
Resumen:	ownCloud is prone to multiple XSS and SQL injection vulnerabilities.
Descripción:	Summary: ownCloud is prone to multiple XSS and SQL injection vulnerabilities. Vulnerability Insight: - Input passed via the 'new_name' POST parameter to /apps/bookmarks/ajax/renameTag.php is not properly sanitised before being used. - Certain unspecified input passed to some files in apps/contacts/ajax/ is not properly sanitised before being used. - Certain unspecified input passed to addressbookprovider.php is not properly sanitised before being used in a SQL query. Vulnerability Impact: Successful exploitation will allow remote attacker to inject or manipulate SQL queries in the back-end database or conduct script insertion. Affected Software/OS: ownCloud Server before version 5.0.1 Solution: Update to version 5.0.1 or later. CVSS Score: 6.5 CVSS Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2013-1893 BugTraq ID: 58855 http://www.securityfocus.com/bid/58855 XForce ISS Database: owncloud-addressbookprovider-sql-injection(83253) https://exchange.xforce.ibmcloud.com/vulnerabilities/83253 Common Vulnerability Exposure (CVE) ID: CVE-2013-1890 BugTraq ID: 58852 http://www.securityfocus.com/bid/58852 XForce ISS Database: owncloud-cve20131890-multiple-xss(83245) https://exchange.xforce.ibmcloud.com/vulnerabilities/83245
Copyright	Copyright (C) 2014 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.