8.2
CVE-2025-53831
- EPSS 0.16%
- Veröffentlicht 06.07.2026 16:23:35
- Zuletzt bearbeitet 06.07.2026 19:16:54
- Quelle security-advisories@github.com
- CVE-Watchlists
- Unerledigt
DrawIO for ownCloud 10 is vulnerable to Stored XSS
DrawIO for ownCloud is an application for using DrawIO with the file storage, synchronization, and sharing application ownCloud Classic. In DrawIO for ownCloud prior to version 1.0.2, which corresponds to ownCloud 10 prior to version 10.15.3, attackers with access to the DrawIO app can leverage improper neutralization of input during web page generation to achieve stored XSS. Upgrade ownCloud 10 to version 10.15.3 or later or upgrade DrawIO for ownCloud 10 to version 1.0.2 or later to receive a patch.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
Herstellerowncloud
≫
Produkt
DrawIO for ownCloud
Version
< 1.0.2
Status
affected
Herstellerowncloud
≫
Produkt
ownCloud 10
Version
< 10.15.3
Status
affected
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.16% | 0.059 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| security-advisories@github.com | 8.2 | 2.3 | 5.3 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L
|
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
https://github.com/owncloud/security-advisories/security/advisories/GHSA-r9j8-fr2h-m47q