Stored XSS Vulnerability in DrawIO for ownCloud Affects Multiple Versions
CVE-2025-53831
8.2HIGH
What is CVE-2025-53831?
DrawIO for ownCloud, an application for integrating DrawIO with the ownCloud file storage and sharing platform, is vulnerable to stored cross-site scripting (XSS) attacks. This vulnerability is found in versions of DrawIO for ownCloud prior to 1.0.2 and ownCloud 10 prior to version 10.15.3. Attackers with access to the DrawIO application can exploit inadequate input sanitization during web page generation, potentially allowing malicious scripts to be stored and executed. It is recommended to upgrade to DrawIO for ownCloud version 1.0.2 or later and ownCloud version 10.15.3 or later to mitigate this risk.
Affected Version(s)
DrawIO for ownCloud < 1.0.2
ownCloud 10 < 10.15.3
