Total: 999 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-28786 | 1 Solidwp | 1 Solid Security | 2024-02-28 | N/A | 6.1 MEDIUM |
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in SolidWP Solid Security – Password, Two Factor Authentication, and Brute Force Protection. This issue affects Solid Security – Password, Two Factor Authentication, and Brute Force Protection: from n/a through 8.1.4. | |||||
CVE-2023-31229 | 1 Wpdirectorykit | 1 Wp Directory Kit | 2024-02-28 | N/A | 6.1 MEDIUM |
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in WP Directory Kit. This issue affects WP Directory Kit: from n/a through 1.1.9. | |||||
CVE-2023-45762 | 1 Michaeluno | 1 Responsive Column Widgets | 2024-02-28 | N/A | 6.1 MEDIUM |
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Michael Uno (miunosoft) Responsive Column Widgets. This issue affects Responsive Column Widgets: from n/a through 1.2.7. | |||||
CVE-2023-28874 | 1 Seafile | 1 Seafile | 2024-02-28 | N/A | 6.1 MEDIUM |
The next parameter in the /accounts/login endpoint of Seafile 9.0.6 allows attackers to redirect users to arbitrary sites. | |||||
CVE-2023-49281 | 1 Cainor | 1 Calendarinho | 2024-02-28 | N/A | 6.1 MEDIUM |
Calendarinho is an open source calendaring application to manage large teams of consultants. An Open Redirect issue occurs when a web application redirects users to external URLs without proper validation. This can lead to phishing attacks, where users are tricked into visiting malicious sites, potentially leading to information theft and reputational damage to the website used for redirection. The problem has been patched in commit `15b2393`. Users are advised to update to a commit after `15b2393`. There are no known workarounds for this vulnerability. | |||||
CVE-2023-38481 | 1 Crmperks | 1 Integration For Woocommerce And Zoho Crm, Books, Invoice, Inventory, Bigin | 2024-02-28 | N/A | 6.1 MEDIUM |
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in CRM Perks Integration for WooCommerce and Zoho CRM, Books, Invoice, Inventory, Bigin. This issue affects Integration for WooCommerce and Zoho CRM, Books, Invoice, Inventory, Bigin: from n/a before 1.3.7. | |||||
CVE-2023-48003 | 1 Aspnetzero | 1 Asp.net Zero | 2024-02-28 | N/A | 6.1 MEDIUM |
An open redirect through HTML injection in user messages in Asp.Net Zero before 12.3.0 allows remote attackers to redirect targeted victims to any URL via the '<meta http-equiv="refresh"' in the WebSocket messages. | |||||
CVE-2023-6380 | 1 Alkacon | 1 Opencms | 2024-02-28 | N/A | 6.1 MEDIUM |
An open redirect vulnerability has been found in the Open CMS product affecting versions 14 and 15 of the 'Mercury' template. An attacker could create a specially crafted URL and send it to a specific user to redirect them to a malicious site and compromise them. Exploitation of this vulnerability is possible because the 'URI' parameter is not properly sanitized. | |||||
CVE-2023-50297 | 1 Alfasado | 1 Powercms | 2024-02-28 | N/A | 6.1 MEDIUM |
Open redirect vulnerability in PowerCMS (6 Series, 5 Series, and 4 Series) allows a remote unauthenticated attacker to redirect users to arbitrary web sites via a specially crafted URL. Note that all versions of PowerCMS 3 Series and earlier which are unsupported (End-of-Life, EOL) are also affected by this vulnerability. | |||||
CVE-2023-46688 | 1 Pleasanter | 1 Pleasanter | 2024-02-28 | N/A | 6.1 MEDIUM |
Open redirect vulnerability in Pleasanter 1.3.47.0 and earlier allows a remote unauthenticated attacker to redirect users to arbitrary web sites via a specially crafted URL. | |||||
CVE-2023-32517 | 1 Ibericode | 1 Mailchimp | 2024-02-28 | N/A | 6.1 MEDIUM |
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in PluginOps MailChimp Subscribe Form, Optin Builder, PopUp Builder, Form Builder. This issue affects MailChimp Subscribe Form, Optin Builder, PopUp Builder, Form Builder: from n/a through 4.0.9.3. | |||||
CVE-2023-45105 | 1 Servit | 1 Affiliate-toolkit | 2024-02-28 | N/A | 6.1 MEDIUM |
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in SERVIT Software Solutions affiliate-toolkit – WordPress Affiliate Plugin. This issue affects affiliate-toolkit – WordPress Affiliate Plugin: from n/a through 3.3.9. | |||||
CVE-2023-6389 | 1 Abhinavsingh | 1 Wordpress Toolbar | 2024-02-28 | N/A | 6.1 MEDIUM |
The WordPress Toolbar WordPress plugin through 2.2.6 redirects to any URL via the "wptbto" parameter. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action. | |||||
CVE-2024-21734 | 1 Sap | 1 Marketing | 2024-02-28 | N/A | 5.4 MEDIUM |
SAP Marketing (Contacts App), version 160, allows an attacker with low privileges to trick a user into opening a malicious page, which could lead to a very convincing phishing attack with low impact on confidentiality and integrity of the application. | |||||
CVE-2023-50963 | 1 Ibm | 1 Storage Defender Data Protect | 2024-02-28 | N/A | 5.4 MEDIUM |
IBM Storage Defender - Data Protect 1.0.0 through 1.4.1 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 276101. | |||||
CVE-2023-5986 | 1 Schneider-electric | 1 Ecostruxure Power Monitoring Expert | 2024-02-28 | N/A | 6.1 MEDIUM |
A CWE-601 URL Redirection to Untrusted Site vulnerability exists that could cause an open redirect vulnerability leading to a cross-site scripting attack. By providing a URL-encoded input, attackers can cause the software’s web application to redirect to the chosen domain after a successful login is performed. | |||||
CVE-2023-6545 | 1 Beckhoff | 2 Authelia-bhf, Twincat/bsd | 2024-02-28 | N/A | 4.7 MEDIUM |
The package authelia-bhf included in Beckhoff's TwinCAT/BSD is prone to an open redirect that allows a remote unprivileged attacker to redirect a user to another site. This may have limited impact on integrity and solely affects authelia-bhf, the Beckhoff fork of authelia. | |||||
CVE-2023-49061 | 1 Mozilla | 1 Firefox | 2024-02-28 | N/A | 6.1 MEDIUM |
An attacker could have performed HTML template injection via Reader Mode and exfiltrated user information. This vulnerability affects Firefox for iOS < 120. | |||||
CVE-2023-5629 | 1 Schneider-electric | 32 Eb450, Eb450 Firmware, Eb45e and 29 more | 2024-02-28 | N/A | 6.1 MEDIUM |
A CWE-601: URL Redirection to Untrusted Site (‘Open Redirect’) vulnerability exists that could cause disclosure of information through phishing attempts over HTTP. | |||||
CVE-2023-49104 | 1 Owncloud | 1 Oauth2 | 2024-02-28 | N/A | 6.1 MEDIUM |
An issue was discovered in ownCloud owncloud/oauth2 before 0.6.1, when Allow Subdomains is enabled. An attacker is able to pass in a crafted redirect-url that bypasses validation, and consequently allows an attacker to redirect callbacks to a Top Level Domain controlled by the attacker. |