VYPR
Unrated severityNVD Advisory· Published Feb 4, 2015· Updated Jun 17, 2026

CVE-2014-9042

CVE-2014-9042

Description

Cross-site scripting (XSS) vulnerability in the import functionality in the bookmarks application in ownCloud before 5.0.18, 6.x before 6.0.6, and 7.x before 7.0.3 allows remote authenticated users to inject arbitrary web script or HTML by importing a link with an unspecified protocol. NOTE: this can be leveraged by remote attackers using CVE-2014-9041.

Affected products

29
  • OwnCloud/Owncloud2 versions
    cpe:2.3:a:owncloud:owncloud:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:owncloud:owncloud:*:*:*:*:*:*:*:*range: <=5.0.17
    • (no CPE)range: <5.0.18, >=6.0.0 <6.0.6, >=7.0.0 <7.0.3
  • OwnCloud/Server27 versions
    cpe:2.3:a:owncloud:owncloud_server:5.0.0:*:*:*:*:*:*:*+ 26 more
    • cpe:2.3:a:owncloud:owncloud_server:5.0.0:*:*:*:*:*:*:*
    • cpe:2.3:a:owncloud:owncloud_server:5.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:owncloud:owncloud_server:5.0.10:*:*:*:*:*:*:*
    • cpe:2.3:a:owncloud:owncloud_server:5.0.11:*:*:*:*:*:*:*
    • cpe:2.3:a:owncloud:owncloud_server:5.0.12:*:*:*:*:*:*:*
    • cpe:2.3:a:owncloud:owncloud_server:5.0.13:*:*:*:*:*:*:*
    • cpe:2.3:a:owncloud:owncloud_server:5.0.14:*:*:*:*:*:*:*
    • cpe:2.3:a:owncloud:owncloud_server:5.0.14:a:*:*:*:*:*:*
    • cpe:2.3:a:owncloud:owncloud_server:5.0.15:*:*:*:*:*:*:*
    • cpe:2.3:a:owncloud:owncloud_server:5.0.16:*:*:*:*:*:*:*
    • cpe:2.3:a:owncloud:owncloud_server:5.0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:owncloud:owncloud_server:5.0.3:*:*:*:*:*:*:*
    • cpe:2.3:a:owncloud:owncloud_server:5.0.4:*:*:*:*:*:*:*
    • cpe:2.3:a:owncloud:owncloud_server:5.0.5:*:*:*:*:*:*:*
    • cpe:2.3:a:owncloud:owncloud_server:5.0.6:*:*:*:*:*:*:*
    • cpe:2.3:a:owncloud:owncloud_server:5.0.7:*:*:*:*:*:*:*
    • cpe:2.3:a:owncloud:owncloud_server:5.0.8:*:*:*:*:*:*:*
    • cpe:2.3:a:owncloud:owncloud_server:5.0.9:*:*:*:*:*:*:*
    • cpe:2.3:a:owncloud:owncloud_server:6.0.0:*:*:*:*:*:*:*
    • cpe:2.3:a:owncloud:owncloud_server:6.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:owncloud:owncloud_server:6.0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:owncloud:owncloud_server:6.0.3:*:*:*:*:*:*:*
    • cpe:2.3:a:owncloud:owncloud_server:6.0.4:*:*:*:*:*:*:*
    • cpe:2.3:a:owncloud:owncloud_server:6.0.5:*:*:*:*:*:*:*
    • cpe:2.3:a:owncloud:owncloud_server:7.0.0:*:*:*:*:*:*:*
    • cpe:2.3:a:owncloud:owncloud_server:7.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:owncloud:owncloud_server:7.0.2:*:*:*:*:*:*:*

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.