CVE-2017-8896 (NVD)

2017-07-17

ownCloud Server before 8.2.12, 9.0.x before 9.0.10, 9.1.x before 9.1.6, and 10.0.x before 10.0.2 are vulnerable to XSS on error pages by injecting code in url parameters.

Products Owncloud
Type Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (CWE-79)
First patch - None (likely due to unavailable code)
Links https://owncloud.org/security/advisory/?id=oc-sa-2017-004
http://www.securityfocus.com/bid/99321
https://hackerone.com/reports/215410