Description
Cross-site scripting (XSS) vulnerability in the activity application in ownCloud Server before 7.0.5 and 8.0.x before 8.0.4 allows remote authenticated users to inject arbitrary web script or HTML via a " (double quote) character in a filename in a shared folder.
Analysis and contextual insights are available on OpenCVE Cloud.
Remediation
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
Advisories
| Source | ID | Title |
|---|---|---|
Debian DSA |
DSA-3373-1 | owncloud security update |
EUVD |
EUVD-2015-5899 | Cross-site scripting (XSS) vulnerability in the activity application in ownCloud Server before 7.0.5 and 8.0.x before 8.0.4 allows remote authenticated users to inject arbitrary web script or HTML via a " (double quote) character in a filename in a shared folder. |
References
History
Mon, 31 Mar 2025 12:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Owncloud owncloud Server
|
|
| CPEs | cpe:2.3:a:owncloud:owncloud:8.0.2:*:*:*:*:*:*:* cpe:2.3:a:owncloud:owncloud:8.0.3:*:*:*:*:*:*:* |
cpe:2.3:a:owncloud:owncloud_server:8.0.0:*:*:*:*:*:*:* cpe:2.3:a:owncloud:owncloud_server:8.0.2:*:*:*:*:*:*:* cpe:2.3:a:owncloud:owncloud_server:8.0.3:*:*:*:*:*:*:* |
| Vendors & Products |
Owncloud owncloud Server
|
Status: PUBLISHED
Assigner: mitre
Published:
Updated: 2024-08-06T07:06:35.029Z
Reserved: 2015-08-06T00:00:00.000Z
Link: CVE-2015-5953
No data.
Status : Modified
Published: 2015-10-21T15:59:00.130
Modified: 2026-06-17T00:30:10.460
Link: CVE-2015-5953
No data.
OpenCVE Enrichment
No data.
Weaknesses
Debian DSA
EUVD