Description
Multiple cross-site scripting (XSS) vulnerabilities in the contacts application in ownCloud Server Community Edition before 5.0.19, 6.x before 6.0.7, and 7.x before 7.0.5 allow remote authenticated users to inject arbitrary web script or HTML via a crafted contact.
References (3)
Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/74445
Vendor Advisory x_refsource_confirm
https://owncloud.org/security/advisory/?id=oc-sa-2015-001
Vendor Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2015/dsa-3244
Scores
EPSS
0.0021
EPSS Percentile
43.1%
Details
CWE
CWE-79
Status
published
Products (2)
debian/debian_linux
7.0
owncloud/owncloud
< 5.0.18
Published
May 08, 2015
Tracked Since
Feb 18, 2026