Vulnerability Description
ownCloud Server before 8.2.12, 9.0.x before 9.0.10, 9.1.x before 9.1.6, and 10.0.x before 10.0.2 are vulnerable to XSS on error pages via code injected into URL parameters.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Owncloud | Owncloud | <= 8.2.11 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/99321 (Third Party Advisory, VDB Entry)
- https://hackerone.com/reports/215410 (Third Party Advisory)
- https://owncloud.org/security/advisory/?id=oc-sa-2017-004 (Vendor Advisory)
FAQ
What is CVE-2017-8896?
CVE-2017-8896 is a vulnerability with a CVSS score of 6.1 (MEDIUM). ownCloud Server before 8.2.12, 9.0.x before 9.0.10, 9.1.x before 9.1.6, and 10.0.x before 10.0.2 are vulnerable to XSS on error pages via code injected into URL parameters.
How severe is CVE-2017-8896?
CVE-2017-8896 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2017-8896?
Check the references section above for vendor advisories and patch information. Affected products include: Owncloud Owncloud.