Vulnerability Name: CVE-2015-3012 (CCN-105320)
Assigned: 2015-03-25
Published: 2015-03-25
Updated: 2019-02-11
Summary: Multiple cross-site scripting (XSS) vulnerabilities in WebODF before 0.5.5, as used in ownCloud, allow remote attackers to inject arbitrary web script or HTML via a (1) style or (2) font name or (3) javascript or (4) data URI.
CVSS v3 Severity:
  5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
CVSS v2 Severity:
  4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
  3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)
  3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)
Vulnerability Type: CWE-79
Vulnerability Consequences: Cross-Site Scripting
References:
  Source: MITRE; Type: CNA; CVE-2015-3012
  Source: DEBIAN; Type: Vendor Advisory; DSA-3244
  Source: BID; Type: Third Party Advisory, VDB Entry; 74445
  Source: XF; Type: UNKNOWN; owncloud-cve20153012-xss(105320)
  Source: CONFIRM; Type: Patch, Vendor Advisory; https://github.com/kogmbh/WebODF/blob/master/ChangeLog.md
  Source: CONFIRM; Type: Patch; https://github.com/kogmbh/WebODF/pull/849
  Source: CONFIRM; Type: Patch; https://github.com/kogmbh/WebODF/pull/850/files
  Source: CCN; Type: ownCloud Security Advisory oc-sa-2015-002; Multiple stored XSS in "documents" application (oC-SA-2015-002)
  Source: CONFIRM; Type: Vendor Advisory; https://owncloud.org/security/advisory/?id=oc-sa-2015-002
  Source: CCN; Type: WhiteSource Vulnerability Database; CVE-2015-3012