Lucene search
Lukas Reschke – ownCloud Inc. ([email protected]) – Vulnerability discovery and disclosure.OWNCLOUD:04A3E146E3219207E89D828F3CE2B6E6HistoryJun 23, 2012 - 5:23 p.m.
Reflected XSS - ownCloud
2012-06-2317:23:20
Lukas Reschke – ownCloud Inc. ([email protected]) – Vulnerability discovery and disclosure.
owncloud.org
24
0.002 Low
EPSS
Percentile
53.5%
Cross-site scripting (XSS) vulnerability in index.php in ownCloud before 4.0.3 allows remote attackers to inject arbitrary web script or HTML via the redirect_url parameter.
Affected Software
- ownCloud Server < 4.0.3 (CVE-2012-4395)
Action Taken
It is recommended that all instances are upgraded to ownCloud Server 4.0.3.
Acknowledgements
The ownCloud team thanks the following people for their research and responsible disclosure of the above advisory:
- Lukas Reschke - ownCloud Inc. ([email protected]) - Vulnerability discovery and disclosure.
| CPE | Name | Operator | Version |
|---|---|---|---|
| owncloud server | lt | 4.0.3 |
Related
owncloud
owncloud
Multiple reflected XSS - ownCloud
2012-07-11 17:24:59
Server: Multiple stored XSS
2012-07-04 11:42:22
Server: Reflected XSS
2012-06-23 11:42:22
ubuntucve
ubuntucve
CVE-2012-4395
2012-09-05 00:00:00
openvas
openvas
ownCloud < 4.0.3 XSS Vulnerability (oC-SA-2012-019)
2021-09-21 00:00:00
cve
cve
CVE-2012-4395
2022-10-03 16:15:32
prion
prion
Cross site scripting
2012-09-05 23:55:00
cvelist
cvelist
CVE-2012-4395
2022-10-03 16:15:32
nvd
nvd
CVE-2012-4395
2012-09-05 23:55:03