CVE-2023-49104
CVE-2023-49104 affects ownCloud’s OAuth2 component (versions before 0.6.1) where enabling “Allow Subdomains” lets an attacker craft a redirect-url that bypasses validation, enabling callbacks to a top‑level domain controlled by the attacker. Documents consistently state the impact as redirection ...