Lucene search

K

Ubuntu.comUB:CVE-2015-3011

HistoryMay 08, 2015 - 12:00 a.m.

CVE-2015-3011

2015-05-0800:00:00

ubuntu.com

ubuntu.com

9

3.5 Low

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

0.001 Low

EPSS

Percentile

34.9%

Multiple cross-site scripting (XSS) vulnerabilities in the contacts
application in ownCloud Server Community Edition before 5.0.19, 6.x before
6.0.7, and 7.x before 7.0.5 allow remote authenticated users to inject
arbitrary web script or HTML via a crafted contact.

Bugs

<http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=779055>

Notes

Author	Note
mdeslaur	owncloud packages in Ubuntu are now empty

References

launchpad.net/bugs/cve/CVE-2015-3011

nvd.nist.gov/vuln/detail/CVE-2015-3011

owncloud.org/security/advisory/?id=oc-sa-2015-001

security-tracker.debian.org/tracker/CVE-2015-3011

www.cve.org/CVERecord?id=CVE-2015-3011

3.5 Low

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

0.001 Low

EPSS

Percentile

34.9%

Related for UB:CVE-2015-3011

prion1 cvelist1 cve1 owncloud2 debian2 securityvulns2 osv1 openvas2 nessus1