{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2015-03-25T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in the contacts application in ownCloud Server Community Edition before 5.0.19, 6.x before 6.0.7, and 7.x before 7.0.5 allow remote authenticated users to inject arbitrary web script or HTML via a crafted contact."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2016-12-01T15:57:02", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "74445", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/74445"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://owncloud.org/security/advisory/?id=oc-sa-2015-001"}, {"name": "DSA-3244", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2015/dsa-3244"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-3011", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple cross-site scripting (XSS) vulnerabilities in the contacts application in ownCloud Server Community Edition before 5.0.19, 6.x before 6.0.7, and 7.x before 7.0.5 allow remote authenticated users to inject arbitrary web script or HTML via a crafted contact."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "74445", "refsource": "BID", "url": "http://www.securityfocus.com/bid/74445"}, {"name": "https://owncloud.org/security/advisory/?id=oc-sa-2015-001", "refsource": "CONFIRM", "url": "https://owncloud.org/security/advisory/?id=oc-sa-2015-001"}, {"name": "DSA-3244", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2015/dsa-3244"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T05:32:21.258Z"}, "title": "CVE Program Container", "references": [{"name": "74445", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/74445"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://owncloud.org/security/advisory/?id=oc-sa-2015-001"}, {"name": "DSA-3244", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2015/dsa-3244"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2015-3011", "datePublished": "2015-05-08T14:00:00", "dateReserved": "2015-04-08T00:00:00", "dateUpdated": "2024-08-06T05:32:21.258Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:owncloud:owncloud:*:*:*:*:community:*:*:*", "matchCriteriaId": "BCDC6BFB-2431-4EA9-B866-0CACF10C9243", "versionEndIncluding": "5.0.18", "vulnerable": true}, {"criteria": "cpe:2.3:a:owncloud:owncloud:*:*:*:*:community:*:*:*", "matchCriteriaId": "85872AC6-A6B1-4217-8FF8-FA0CB2C4A845", "versionEndIncluding": "6.0.6", "vulnerable": true}, {"criteria": "cpe:2.3:a:owncloud:owncloud:*:*:*:*:community:*:*:*", "matchCriteriaId": "AA68F8CE-EA46-4448-814D-F1EFBDAD82FE", "versionEndIncluding": "7.0.4", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in the contacts application in ownCloud Server Community Edition before 5.0.19, 6.x before 6.0.7, and 7.x before 7.0.5 allow remote authenticated users to inject arbitrary web script or HTML via a crafted contact."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de XSS en la aplicaci\u00f3n de contactos en ownCloud Server Community Edition anterior a 5.0.19, 6.x anterior a 6.0.7, y 7.x anterior a 7.0.5 permiten a usuarios remotos autenticados inyectar secuencias de comandos web arbitrarios o HTML a trav\u00e9s de un contacto manipulado."}], "id": "CVE-2015-3011", "lastModified": "2025-04-12T10:46:40.837", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2015-05-08T14:59:02.617", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.debian.org/security/2015/dsa-3244"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/74445"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://owncloud.org/security/advisory/?id=oc-sa-2015-001"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.debian.org/security/2015/dsa-3244"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/74445"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://owncloud.org/security/advisory/?id=oc-sa-2015-001"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}