A Attacker can inject HTML script code into a error message
Affected Software
- ownCloud Server < 10.0.2 (CVE-2017-8896)
- ownCloud Server < 9.1.6 (CVE-2017-8896)
- ownCloud Server < 9.0.10 (CVE-2017-8896)
- ownCloud Server < 8.2.12 (CVE-2017-8896)
Action Taken
Escape output
Acknowledgements
The ownCloud team thanks the following people for their research and responsible disclosure of the above advisory:
- Manuel Mancera - Vulnerability discovery and disclosure.