Cross-site scripting (XSS) vulnerability in apps/user_webdavauth/settings.php in ownCloud 4.5.x before 4.5.2 allows remote attackers to inject arbitrary web script or HTML via arbitrary POST parameters.
https://github.com/owncloud/core/commit/054c168
http://www.openwall.com/lists/oss-security/2012/11/30/3
http://secunia.com/advisories/51357