ownCloud HTML Injection and Authentication Bypass Vulnerabilities

ownCloud is prone to an HTML-injection and multiple authentication-bypass vulnerabilities.

An attacker may leverage the HTML-injection issue to inject hostile HTML and script code that would run in the context of the affected site, potentially allowing an attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. The attacker may leverage the authentication-bypass issues to bypass certain security restrictions and perform unauthorized actions in the affected application.

Versions prior to ownCloud 4.5.5 and 4.0.10 are vulnerable.


Privacy Statement
Copyright 2010, SecurityFocus