CVE-2012-2398

Priority
Medium
Description
Cross-site scripting (XSS) vulnerability in files/ajax/download.php in
ownCloud before 3.0.3 allows remote attackers to inject arbitrary web
script or HTML via the files parameter, a different vulnerability than
CVE-2012-2269.4.
References
Bugs
Package
Upstream:released (3.0.3)
Ubuntu 10.04 LTS (Lucid Lynx):DNE
Ubuntu 12.04 LTS (Precise Pangolin):needed
Ubuntu 12.10 (Quantal Quetzal):not-affected (4.0.7debian-1ubuntu1)
Ubuntu 13.10 (Saucy Salamander):not-affected (4.0.7debian-1ubuntu1)
Ubuntu 14.04 LTS (Trusty Tahr):not-affected (4.0.7debian-1ubuntu1)
More Information

Valid XHTML 1.0 Strict

Updated: 2014-04-18 13:16:02 UTC (commit 7949)