Note:
This project will be discontinued after December 13, 2021. [more]
2017-07-17
ownCloud Server before 8.2.12, 9.0.x before 9.0.10, 9.1.x before 9.1.6, and 10.0.x before 10.0.2 are vulnerable to XSS on error pages by injecting code in url parameters.
Products | Owncloud |
Type | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (CWE-79) |
First patch | - None (likely due to unavailable code) |
Links |
• https://owncloud.org/security/advisory/?id=oc-sa-2017-004
• http://www.securityfocus.com/bid/99321 • https://hackerone.com/reports/215410 |