CVE-2015-3012
Published: 8 May 2015
Multiple cross-site scripting (XSS) vulnerabilities in WebODF before 0.5.5, as used in ownCloud, allow remote attackers to inject arbitrary web script or HTML via a (1) style or (2) font name or (3) javascript or (4) data URI.
Notes
| Author | Note |
|---|---|
| mdeslaur | owncloud packages in Ubuntu are now empty |
Priority
Status
| Package | Release | Status |
|---|---|---|
|
owncloud Launchpad, Ubuntu, Debian |
lucid |
Does not exist
|
| precise |
Not vulnerable
|
|
| trusty |
Does not exist
(trusty was not-affected)
|
|
| upstream |
Released
(7.0.4+dfsg-3)
|
|
| utopic |
Does not exist
|
|
| vivid |
Does not exist
|
|
| wily |
Does not exist
|
|
|
owncloud-documents Launchpad, Ubuntu, Debian |
lucid |
Does not exist
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Needed
|
|
| utopic |
Does not exist
|
|
| vivid |
Does not exist
|
|
| wily |
Does not exist
|