CVE-2017-8896

Name of the Vulnerable Software and Affected Versions ownCloud Server versions prior to 8.2.12 ownCloud Server versions 9.0.x prior to 9.0.10 ownCloud Server versions 9.1.x prior to 9.1.6 ownCloud Server versions 10.0.x prior to 10.0.2

Description The issue allows for XSS on error pages by injecting code in url parameters. This can potentially lead to malicious code execution.

Recommendations For ownCloud Server versions prior to 8.2.12, update to version 8.2.12 or later. For ownCloud Server versions 9.0.x prior to 9.0.10, update to version 9.0.10 or later. For ownCloud Server versions 9.1.x prior to 9.1.6, update to version 9.1.6 or later. For ownCloud Server versions 10.0.x prior to 10.0.2, update to version 10.0.2 or later.