Candidate: CVE-2012-5056
PublicDate: 2014-06-04 14:55:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5056
 http://owncloud.org/about/security/advisories/CVE-2012-5056/
Description:
 Multiple cross-site scripting (XSS) vulnerabilities in ownCloud Server
 before 4.0.8 allow remote attackers to inject arbitrary web script or HTML
 via the (1) readyCallback parameter to
 apps/files_odfviewer/src/webodf/webodf/flashput/PUT.swf, the (2) root
 parameter to apps/gallery/templates/index.php, or a (3) malformed query to
 lib/db.php.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS: 

Patches_owncloud:
upstream_owncloud: released (4.0.8)
lucid_owncloud: DNE
precise_owncloud: not-affected (5.0.4debian-0ubuntu1~ubuntu12.04)
saucy_owncloud: not-affected
trusty_owncloud: not-affected
trusty/esm_owncloud: DNE (trusty was not-affected)
devel_owncloud: not-affected