Cross-site scripting (XSS) vulnerability in the OCS discovery provider component in ownCloud Server before 7.0.12, 8.0.x before 8.0.10, 8.1.x before 8.1.5, and 8.2.x before 8.2.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving a URL.
2016-01-08T21:59:06.937
2025-04-12T10:46:40.837
Deferred
CVSSv3.0: 6.1 (MEDIUM)
AV:N/AC:M/Au:N/C:N/I:P/A:N
8.6
2.9
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | owncloud | owncloud | ≤ 7.0.11 | Yes |
| Application | owncloud | owncloud | 8.2.0 | Yes |
| Application | owncloud | owncloud | 8.2.1 | Yes |
| Application | owncloud | owncloud_server | 8.0.0 | Yes |
| Application | owncloud | owncloud_server | 8.0.2 | Yes |
| Application | owncloud | owncloud_server | 8.0.3 | Yes |
| Application | owncloud | owncloud_server | 8.0.4 | Yes |
| Application | owncloud | owncloud_server | 8.0.5 | Yes |
| Application | owncloud | owncloud_server | 8.0.6 | Yes |
| Application | owncloud | owncloud_server | 8.0.8 | Yes |
| Application | owncloud | owncloud_server | 8.0.9 | Yes |
| Application | owncloud | owncloud_server | 8.1.0 | Yes |
| Application | owncloud | owncloud_server | 8.1.1 | Yes |
| Application | owncloud | owncloud_server | 8.1.3 | Yes |
| Application | owncloud | owncloud_server | 8.1.4 | Yes |