CVE-2015-3011

EUVD-2015-3092
Multiple cross-site scripting (XSS) vulnerabilities in the contacts application in ownCloud Server Community Edition before 5.0.19, 6.x before 6.0.7, and 7.x before 7.0.5 allow remote authenticated users to inject arbitrary web script or HTML via a crafted contact.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
3.5 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:S/C:N/I:P/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 43%
Affected Products (NVD)
VendorProductVersion
owncloudowncloud
𝑥
≤ 5.0.18
owncloudowncloud
𝑥
≤ 6.0.6
owncloudowncloud
𝑥
≤ 7.0.4
debiandebian_linux
7.0
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
owncloud
lucid
dne
precise
not-affected
trusty
dne
utopic
dne
vivid
dne
wily
dne
ownclound-contacts
lucid
dne
precise
dne
trusty
dne
utopic
dne
vivid
dne
wily
dne
Common Weakness Enumeration
References
http://www.debian.org/security/2015/dsa-3244
http://www.securityfocus.com/bid/74445
https://owncloud.org/security/advisory/?id=oc-sa-2015-001
http://www.debian.org/security/2015/dsa-3244
http://www.securityfocus.com/bid/74445
https://owncloud.org/security/advisory/?id=oc-sa-2015-001