Red Hat Bugzilla – Bug 971863
Last modified: 2016-03-04 06:33:59 EST
A cross-site scripting flaw was found in the way the videoViewer module of ownCloud, a private file synchronization tool and share server, performed sanitization of certain file name arguments. A remote attacker could provide a specially crafted web page that, when visited, would lead to arbitrary HTML or web script execution in the context of the ownCloud user's session.
 https://github.com/owncloud/apps/commit/b9a85f2 (against stable5 branch)
 https://github.com/owncloud/apps/commit/773e3de (against stable45 branch)
This issue affects the versions of the owncloud package as shipped with Fedora release 18 and Fedora EPEL-6. Please schedule an update.
Created owncloud tracking bugs for this issue
Affects: fedora-18 [bug 971864]
Affects: epel-6 [bug 971865]