Owncloud · Owncloud · CVE-2014-1665
**Name of the Vulnerable Software and Affected Versions**
ownCloud versions prior to 6.0.1
**Description**
The issue allows remote authenticated users to inject arbitrary web script or HTML via the filename of an uploaded file, which is a cross-site scripting (XSS) vulnerability.
**Recommendations**
For versions prior to 6.0.1, update to version 6.0.1 or later to resolve the issue.