CVE 2014-1665
Cross-site scripting (XSS) vulnerability in ownCloud before 6.0.1 allows remote authenticated users to inject arbitrary web script or HTML via the filename of an uploaded file.
See the 
CVE page on Mitre.org
for more details.
