XSS in Owncloud Drawio For
CVE-2025-53831
DrawIO for ownCloud is an application for using DrawIO with the file storage, synchronization, and sharing application ownCloud Classic. In DrawIO for ownCloud prior to version 1.0.2, which corresponds to ownCloud 10 prior to version 10.15…
Vulnerability class: XSS (Cross-Site Scripting)
CVSS v3 metric
CVSS v3 base score 8.2 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L.
Affected products
- Owncloud Drawio For — versions < 1.0.2
- Owncloud 10 — versions < 10.15.3
Weakness classification (CWE)
References
- security-advisories@github.com (x_refsource_CONFIRM)
Frequently asked questions
- What is CVE-2025-53831?
- CVE-2025-53831 is a high-severity vulnerability in Owncloud Drawio For, classified under Cross-site Scripting. CVSS score: 8.2/10. Published 2026-07-06.
- How severe is CVE-2025-53831?
- High severity. CVSS v3 base score is 8.2 out of 10.