Published: 20/04/2012 Updated: 04/01/2018
CVSS v2 Base Score: 5.8 | Impact Score: 4.9 | Exploitability Score: 8.6
VMScore: 585
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N

Vulnerability Summary

Open redirect vulnerability in index.php (aka the Login Page) in ownCloud prior to 3.0.3 allows remote malicious users to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirect_url parameter.

Affected Products

Vendor Product Versions
OwncloudOwncloud3.0.0, 3.0.1, 3.0.2


source: wwwsecurityfocuscom/bid/53145/info ownCloud is prone to a URI open-redirection vulnerability, multiple cross-site scripting vulnerabilities and multiple HTML-injection vulnerabilities because it fails to properly sanitize user-supplied input An attacker could leverage the cross-site scripting issues to execute arbitrary script c ...

Mailing Lists

ownCloud version 300 suffers from cross site scripting and open redirection vulnerabilities ...