VIR Vulnerability Intelligence Relay

CVE-2013-2150

low
Published 2014-03-14 · Modified 2026-05-06
CVSS v3
CVSS v2
3.5
VIR risk
3.5

Description

Multiple cross-site scripting (XSS) vulnerabilities in js/viewer.js in ownCloud before 4.5.12 and 5.x before 5.0.7 allow remote attackers to inject arbitrary web script or HTML via vectors related to shared files.

Predictions

Exploit likelihood
20%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: secalert@redhat.com — http://owncloud.org/about/security/advisories/oC-SA-2013-028/

Application impact
VendorProductVersionsFixed
owncloudowncloud_server5.0.0
owncloudowncloud_server5.0.1
owncloudowncloud_server5.0.2
owncloudowncloud_server5.0.3
owncloudowncloud_server5.0.4
owncloudowncloud_server5.0.5
owncloudowncloud_server5.0.6
owncloudowncloud{"endIncluding":"4.5.11"}
owncloudowncloud_server3.0.0
owncloudowncloud_server3.0.1
owncloudowncloud_server3.0.2
owncloudowncloud_server3.0.3
owncloudowncloud_server4.0.0
owncloudowncloud_server4.0.1
owncloudowncloud_server4.0.2
owncloudowncloud_server4.0.3
owncloudowncloud_server4.0.4
owncloudowncloud_server4.0.5
owncloudowncloud_server4.0.6
owncloudowncloud_server4.0.7
owncloudowncloud_server4.0.8
owncloudowncloud_server4.0.9
owncloudowncloud_server4.0.10
owncloudowncloud_server4.0.11
owncloudowncloud_server4.0.12
owncloudowncloud_server4.0.13
owncloudowncloud_server4.0.14
owncloudowncloud_server4.0.15
owncloudowncloud_server4.0.16
owncloudowncloud_server4.5.0
owncloudowncloud_server4.5.1
owncloudowncloud_server4.5.2
owncloudowncloud_server4.5.3
owncloudowncloud_server4.5.4
owncloudowncloud_server4.5.5
owncloudowncloud_server4.5.6
owncloudowncloud_server4.5.7
owncloudowncloud_server4.5.8
owncloudowncloud_server4.5.9
owncloudowncloud_server4.5.10

References

CWEs

CWE-79

Verify integrity in audit chain (admin only). AS-IS.