Vulnerabilities > Owncloud > Owncloud > 10.0.3
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-02-09 | CVE-2020-28645 | Improper Input Validation vulnerability in Owncloud Deleting users with certain names caused system files to be deleted. | 5.0 |
| 2021-02-09 | CVE-2020-28644 | Cross-Site Request Forgery (CSRF) vulnerability in Owncloud The CSRF (Cross Site Request Forgery) token check was improperly implemented on cookie authenticated requests against some ocs API endpoints. | 4.3 |
| 2021-01-15 | CVE-2020-16255 | Cross-site Scripting vulnerability in Owncloud ownCloud (Core) before 10.5 allows XSS in login page 'forgot password.' | 4.3 |