Candidate: CVE-2013-0298
PublicDate: 2014-03-14 15:55:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0298
 http://owncloud.org/about/security/advisories/oC-SA-2013-003/
Description:
 Multiple cross-site scripting (XSS) vulnerabilities in ownCloud 4.5.x
 before 4.5.7 allow remote attackers to inject arbitrary web script or HTML
 via (1) a crafted iCalendar file to the calendar application, the (2) dir
 or (3) file parameter to apps/files_pdfviewer/viewer.php, or the (4)
 mountpoint parameter to /apps/files_external/addMountPoint.php.
Ubuntu-Description:
Notes:
 mdeslaur> only affects 4.5.x
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS: 

Patches_owncloud:
upstream_owncloud: released (4.5.7)
hardy_owncloud: DNE
lucid_owncloud: DNE
oneiric_owncloud: not-affected
precise_owncloud: not-affected
quantal_owncloud: not-affected
devel_owncloud: not-affected