A Cross-site scripting (XSS) vulnerability in the OCS discovery provider in ownCloud Servers allows remote attackers to inject arbitrary web script or HTML via the URL resulting in a reflected Cross-Site-Scripting. Since ownCloud employs a strict Content-Security-Policy that forbids inline script execution this bug is unlikely to be exploitable on recent browsers that support Content-Security-Policy. (Firefox >= 23, Chrome >= 25, Safari >= 7, Microsoft Edge) External Reference: https://owncloud.org/security/advisory/?id=oc-sa-2016-001
Created owncloud tracking bugs for this issue: Affects: fedora-all [bug 1297352] Affects: epel-6 [bug 1297353] Affects: epel-7 [bug 1297354]
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.