Vulnerability Description
Multiple cross-site scripting (XSS) vulnerabilities in WebODF before 0.5.5, as used in ownCloud, allow remote attackers to inject arbitrary web script or HTML via a (1) style or (2) font name or (3) javascript or (4) data URI.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian | Debian Linux | 7.0 |
| Kogmbh | Webodf | <= 0.5.4 |
| Owncloud | Owncloud | - |
References
- http://www.debian.org/security/2015/dsa-3244 (Vendor Advisory)
- http://www.securityfocus.com/bid/74445 (Third Party Advisory, VDB Entry)
- https://github.com/kogmbh/WebODF/blob/master/ChangeLog.md (Patch, Vendor Advisory)
- https://github.com/kogmbh/WebODF/pull/849 (Patch)
- https://github.com/kogmbh/WebODF/pull/850/files (Patch)
- https://owncloud.org/security/advisory/?id=oc-sa-2015-002 (Vendor Advisory)
FAQ
What is CVE-2015-3012?
CVE-2015-3012 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Multiple cross-site scripting (XSS) vulnerabilities in WebODF before 0.5.5, as used in ownCloud, allow remote attackers to inject arbitrary web script or HTML via a (1) style or (2) font name or (3) j...
How severe is CVE-2015-3012?
CVE-2015-3012 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2015-3012?
Check the references section above for vendor advisories and patch information. Affected products include: Debian Debian Linux, Kogmbh Webodf, Owncloud Owncloud.