CVE-2015-3011

Name: CVE-2015-3011
Description: Multiple cross-site scripting (XSS) vulnerabilities in the contacts application in ownCloud Server Community Edition before 5.0.19, 6.x before 6.0.7, and 7.x before 7.0.5 allow remote authenticated users to inject arbitrary web script or HTML via a crafted contact.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, GitHub code/issues, web search, more)
References: DSA-3244-1
NVD severity: low (attack range: remote)
Debian Bugs: 779055

Vulnerable and fixed packages

The table below lists information on source packages.

| Source Package | Release | Version | Status |
|---|---|---|---|
| owncloud (PTS) | jessie (security) | 7.0.4+dfsg-4~deb8u3 | fixed |

The information below is based on the following data on fixed versions.

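| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| owncloud | source | (unstable) | 7.0.4+dfsg-3 | low | | |
| owncloud | source | experimental | 7.0.5+dfsg-1 | low | | |
| owncloud | source | jessie | 7.0.4+dfsg-4~deb8u1 | low | DSA-3244-1 | |
| ownclound-contacts | ITP | | | | | 779055 |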

Notes

owncloud-contacts fixed in 0.3.0.18+8.0.0+dfsg-1
https://owncloud.org/security/advisory/?id=oc-sa-2015-001
