CVE-2015-3011

NameCVE-2015-3011
DescriptionMultiple cross-site scripting (XSS) vulnerabilities in the contacts application in ownCloud Server Community Edition before 5.0.19, 6.x before 6.0.7, and 7.x before 7.0.5 allow remote authenticated users to inject arbitrary web script or HTML via a crafted contact.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDSA-3244-1
Debian Bugs779055

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
owncloudsourceexperimental7.0.5+dfsg-1
owncloudsourcejessie7.0.4+dfsg-4~deb8u1DSA-3244-1
owncloudsource(unstable)7.0.4+dfsg-3
ownclound-contactsITP779055

Notes

owncloud-contacts fixed in 0.3.0.18+8.0.0+dfsg-1
https://owncloud.org/security/advisory/?id=oc-sa-2015-001

Search for package or bug name: Reporting problems