Several unpatched vulns in OwnCloud

Posted by Felix Matei on Nov 07

Dear Community

By comparing the advisories of NextCloud and OwnCloud I figured out that OwnCloud has multiple unpatched
vulnerabilities.

You can see the list here; it seems all patches from the latest Nextcloud 10.0.1 release are missing in OwnCloud:
https://nextcloud.com/security/advisories. This seems to include XSS vulns and more.

An example exploit for one of the vulns would look like this:
http://demo.owncloud.org/index.php/apps/gallery/#