Vulnerability CVE-2013-1967

Vulnerability CVE-2013-1967

Published: 2014-02-05

Description:

	Topic	Author	Date
Med.	ownCloud Server 5.0.x/4.5.x XSS and Privilege escalation	ownCloud	22.04.2013

Type:

(Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'))

CVSS Base Score	Impact Subscore	Exploitability Subscore
4.3/10	2.9/10	8.6/10

Affected software
Owncloud -> Owncloud
Mediaelementjs -> Mediaelement.js

https://github.com/johndyer/mediaelement/commit/9223dc6bfc50251a9a3cba0210e71be80fc38ecd

http://seclists.org/oss-sec/2013/q2/133

http://owncloud.org/about/security/advisories/oC-SA-2013-017

https://github.com/johndyer/mediaelement/tree/2.11.1

https://bugzilla.redhat.com/show_bug.cgi?id=955307

http://xforce.iss.net/xforce/xfdb/83647

http://secunia.com/advisories/53079

http://seclists.org/oss-sec/2013/q2/111