CVE-2017-8896
MEDIUM
ownCloud Server <8.2.12, <9.0.10, <9.1.6, <10.0.2 - XSS
Title source: llm
Description
ownCloud Server before 8.2.12, 9.0.x before 9.0.10, 9.1.x before 9.1.6, and 10.0.x before 10.0.2 are vulnerable to XSS on error pages through code injected into URL parameters.
References (3)
Third Party Advisory x_refsource_misc
https://hackerone.com/reports/215410
Vendor Advisory x_refsource_confirm
https://owncloud.org/security/advisory/?id=oc-sa-2017-004
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/99321
Scores
CVSS v3
6.1
EPSS
0.0038
EPSS Percentile
59.6%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-79
Status
published
Products (1)
owncloud/owncloud
< 8.2.11
Published
Jul 17, 2017
Tracked Since
Feb 18, 2026