CVE-2015-5953

Name of the Vulnerable Software and Affected Versions ownCloud Server versions prior to 7.0.5 ownCloud Server versions 8.0.x prior to 8.0.4

Description The issue allows remote authenticated users to inject arbitrary web script or HTML via a double quote character in a filename in a shared folder. This is due to the lack of protection measures for the web page structure, which can be exploited by a remote attacker to inject arbitrary web or HTML code using special symbols in file names within a shared directory.

Recommendations For ownCloud Server versions prior to 7.0.5, update to version 7.0.5 or later. For ownCloud Server versions 8.0.x prior to 8.0.4, update to version 8.0.4 or later. As a temporary workaround, consider restricting the use of special characters in file names within shared folders to minimize the risk of exploitation.