As per $URL New versions are in tree thanks to robbat2, I have removed the vulnerable ones
CVE-2013-2150 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2150): Multiple cross-site scripting (XSS) vulnerabilities in js/viewer.js in ownCloud before 4.5.12 and 5.x before 5.0.7 allow remote attackers to inject arbitrary web script or HTML via vectors related to shared files. CVE-2013-2149 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2149): Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 4.0.16 and 5.x before 5.0.7 allow remote authenticated users to inject arbitrary web script or HTML via vectors related to shared files.