VYPR
Get started
← All advisories
Unrated severityNVD Advisory· Published Feb 4, 2015· Updated May 6, 2026

CVE-2014-9041

CVE-2014-9041

Description

The import functionality in the bookmarks application in ownCloud server before 5.0.18, 6.x before 6.0.6, and 7.x before 7.0.3 does not validate CSRF tokens, which allow remote attackers to conduct CSRF attacks.

Affected products

28
  • OwnCloud/Owncloud
    cpe:2.3:a:owncloud:owncloud:*:*:*:*:*:*:*:*
    Range: <=5.0.17
  • OwnCloud/Owncloud Server27 versions
    cpe:2.3:a:owncloud:owncloud_server:5.0.0:*:*:*:*:*:*:*+ 26 more
    • cpe:2.3:a:owncloud:owncloud_server:5.0.0:*:*:*:*:*:*:*
    • cpe:2.3:a:owncloud:owncloud_server:5.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:owncloud:owncloud_server:5.0.10:*:*:*:*:*:*:*
    • cpe:2.3:a:owncloud:owncloud_server:5.0.11:*:*:*:*:*:*:*
    • cpe:2.3:a:owncloud:owncloud_server:5.0.12:*:*:*:*:*:*:*
    • cpe:2.3:a:owncloud:owncloud_server:5.0.13:*:*:*:*:*:*:*
    • cpe:2.3:a:owncloud:owncloud_server:5.0.14:*:*:*:*:*:*:*
    • cpe:2.3:a:owncloud:owncloud_server:5.0.14:a:*:*:*:*:*:*
    • cpe:2.3:a:owncloud:owncloud_server:5.0.15:*:*:*:*:*:*:*
    • cpe:2.3:a:owncloud:owncloud_server:5.0.16:*:*:*:*:*:*:*
    • cpe:2.3:a:owncloud:owncloud_server:5.0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:owncloud:owncloud_server:5.0.3:*:*:*:*:*:*:*
    • cpe:2.3:a:owncloud:owncloud_server:5.0.4:*:*:*:*:*:*:*
    • cpe:2.3:a:owncloud:owncloud_server:5.0.5:*:*:*:*:*:*:*
    • cpe:2.3:a:owncloud:owncloud_server:5.0.6:*:*:*:*:*:*:*
    • cpe:2.3:a:owncloud:owncloud_server:5.0.7:*:*:*:*:*:*:*
    • cpe:2.3:a:owncloud:owncloud_server:5.0.8:*:*:*:*:*:*:*
    • cpe:2.3:a:owncloud:owncloud_server:5.0.9:*:*:*:*:*:*:*
    • cpe:2.3:a:owncloud:owncloud_server:6.0.0:*:*:*:*:*:*:*
    • cpe:2.3:a:owncloud:owncloud_server:6.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:owncloud:owncloud_server:6.0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:owncloud:owncloud_server:6.0.3:*:*:*:*:*:*:*
    • cpe:2.3:a:owncloud:owncloud_server:6.0.4:*:*:*:*:*:*:*
    • cpe:2.3:a:owncloud:owncloud_server:6.0.5:*:*:*:*:*:*:*
    • cpe:2.3:a:owncloud:owncloud_server:7.0.0:*:*:*:*:*:*:*
    • cpe:2.3:a:owncloud:owncloud_server:7.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:owncloud:owncloud_server:7.0.2:*:*:*:*:*:*:*

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

1

News mentions

0

No linked articles in our index yet.