CVE-2012-4395

Owncloud < 4.0.2 - XSS

Title source: rule

Description

Cross-site scripting (XSS) vulnerability in index.php in ownCloud before 4.0.3 allows remote attackers to inject arbitrary web script or HTML via the redirect_url parameter.

References (3)

Scores

EPSS 0.0025
EPSS Percentile 48.5%

Classification

CWE
CWE-79
Status published

Affected Products (7)

owncloud/owncloud < 4.0.2
owncloud/owncloud_server
owncloud/owncloud_server
owncloud/owncloud_server
owncloud/owncloud_server
owncloud/owncloud_server
n/a/n/a

Timeline

Published Sep 05, 2012
Tracked Since Feb 18, 2026