Stored XSS Vulnerability in DrawIO for ownCloud Affects Multiple Versions
CVE-2025-53831

8.2HIGH

Key Information:

Vendor

Owncloud

Vendor
CVE Published:
6 July 2026

What is CVE-2025-53831?

DrawIO for ownCloud, an application for integrating DrawIO with the ownCloud file storage and sharing platform, is vulnerable to stored cross-site scripting (XSS) attacks. This vulnerability is found in versions of DrawIO for ownCloud prior to 1.0.2 and ownCloud 10 prior to version 10.15.3. Attackers with access to the DrawIO application can exploit inadequate input sanitization during web page generation, potentially allowing malicious scripts to be stored and executed. It is recommended to upgrade to DrawIO for ownCloud version 1.0.2 or later and ownCloud version 10.15.3 or later to mitigate this risk.

Affected Version(s)

DrawIO for ownCloud < 1.0.2

ownCloud 10 < 10.15.3

References

CVSS V3.1

Score:
8.2
Severity:
HIGH
Confidentiality:
High
Integrity:
Low
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.