Total
999 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-3771 | 1 T1 Project | 1 T1 | 2024-02-28 | N/A | 6.1 MEDIUM |
| The T1 WordPress theme through 19.0 is vulnerable to unauthenticated open redirect with which any attacker and redirect users to arbitrary websites. | |||||
| CVE-2023-49394 | 1 Easycorp | 1 Zentao | 2024-02-28 | N/A | 6.1 MEDIUM |
| Zentao versions 4.1.3 and before has a URL redirect vulnerability, which prevents the system from functioning properly. | |||||
| CVE-2024-24808 | 1 Pyload | 1 Pyload | 2024-02-28 | N/A | 6.1 MEDIUM |
| pyLoad is an open-source Download Manager written in pure Python. There is an open redirect vulnerability due to incorrect validation of input values when redirecting users after login. pyLoad is validating URLs via the `get_redirect_url` function when redirecting users at login. This vulnerability has been patched with commit fe94451. | |||||
| CVE-2023-41699 | 1 Payara | 1 Payara | 2024-02-28 | N/A | 6.1 MEDIUM |
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Payara Platform Payara Server, Micro and Embedded (Servlet Implementation modules) allows Redirect Access to Libraries.This issue affects Payara Server, Micro and Embedded: from 5.0.0 before 5.57.0, from 4.1.2.191 before 4.1.2.191.46, from 6.0.0 before 6.8.0, from 6.2023.1 before 6.2023.11. | |||||
| CVE-2023-36085 | 1 Sisqualwfm | 1 Sisqualwfm | 2024-02-28 | N/A | 6.1 MEDIUM |
| The sisqualWFM 7.1.319.103 thru 7.1.319.111 for Android, has a host header injection vulnerability in its "/sisqualIdentityServer/core/" endpoint. By modifying the HTTP Host header, an attacker can change webpage links and even redirect users to arbitrary or malicious locations. This can lead to phishing attacks, malware distribution, and unauthorized access to sensitive resources. | |||||
| CVE-2023-38998 | 1 Opnsense | 1 Opnsense | 2024-02-28 | N/A | 6.1 MEDIUM |
| An open redirect in the Login page of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows attackers to redirect a victim user to an arbitrary web site via a crafted URL. | |||||
| CVE-2022-27861 | 1 Arscode | 1 Ninja Popups | 2024-02-28 | N/A | 6.1 MEDIUM |
| Unauth. Open Redirect vulnerability in Arscode Ninja Popups plugin <= 4.7.5 versions. | |||||
| CVE-2018-25091 | 1 Python | 1 Urllib3 | 2024-02-28 | N/A | 6.1 MEDIUM |
| urllib3 before 1.24.2 does not remove the authorization HTTP header when following a cross-origin redirect (i.e., a redirect that differs in host, port, or scheme). This can allow for credentials in the authorization header to be exposed to unintended hosts or transmitted in cleartext. NOTE: this issue exists because of an incomplete fix for CVE-2018-20060 (which was case-sensitive). | |||||
| CVE-2023-4964 | 1 Microfocus | 2 Asset Management X, Service Management Automation X | 2024-02-28 | N/A | 6.1 MEDIUM |
| Potential open redirect vulnerability in opentext Service Management Automation X (SMAX) versions 2020.05, 2020.08, 2020.11, 2021.02, 2021.05, 2021.08, 2021.11, 2022.05, 2022.11 and opentext Asset Management X (AMX) versions 2021.08, 2021.11, 2022.05, 2022.11. The vulnerability could allow attackers to redirect a user to malicious websites. | |||||
| CVE-2023-45202 | 1 Projectworlds | 1 Online Examination System | 2024-02-28 | N/A | 6.1 MEDIUM |
| Online Examination System v1.0 is vulnerable to multiple Open Redirect vulnerabilities. The 'q' parameter of the feed.php resource allows an attacker to redirect a victim user to an arbitrary web site using a crafted URL. | |||||
| CVE-2021-36580 | 1 Icewarp | 2 Icewarp Server, Mail Server | 2024-02-28 | N/A | 6.1 MEDIUM |
| Open Redirect vulnerability exists in IceWarp MailServer IceWarp Server Deep Castle 2 Update 1 (13.0.1.2) via the referer parameter. | |||||
| CVE-2023-41080 | 2 Apache, Debian | 2 Tomcat, Debian Linux | 2024-02-28 | N/A | 6.1 MEDIUM |
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in FORM authentication feature Apache Tomcat.This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.0.12, from 9.0.0-M1 through 9.0.79 and from 8.5.0 through 8.5.92. The vulnerability is limited to the ROOT (default) web application. | |||||
| CVE-2022-45582 | 1 Openstack | 1 Horizon | 2024-02-28 | N/A | 6.1 MEDIUM |
| Open Redirect vulnerability in Horizon Web Dashboard 19.4.0 thru 20.1.4 via the success_url parameter. | |||||
| CVE-2019-25155 | 1 Cure53 | 1 Dompurify | 2024-02-28 | N/A | 6.1 MEDIUM |
| DOMPurify before 1.0.11 allows reverse tabnabbing in demos/hooks-target-blank-demo.html because links lack a 'rel="noopener noreferrer"' attribute. | |||||
| CVE-2022-44215 | 1 Southrivertech | 1 Titan Ftp Server | 2024-02-28 | N/A | 6.1 MEDIUM |
| There is an open redirect vulnerability in Titan FTP server 19.0 and below. Users are redirected to any target URL. | |||||
| CVE-2023-37947 | 1 Jenkins | 1 Openshift Login | 2024-02-28 | N/A | 6.1 MEDIUM |
| Jenkins OpenShift Login Plugin 1.1.0.227.v27e08dfb_1a_20 and earlier improperly determines that a redirect URL after login is legitimately pointing to Jenkins, allowing attackers to perform phishing attacks. | |||||
| CVE-2023-38574 | 1 I-pro | 1 Video Insight | 2024-02-28 | N/A | 6.1 MEDIUM |
| Open redirect vulnerability in VI Web Client prior to 7.9.6 allows a remote unauthenticated attacker to redirect users to arbitrary web sites and conduct phishing attacks via a specially crafted URL. | |||||
| CVE-2023-39371 | 1 Startrinity | 1 Softswitch | 2024-02-28 | N/A | 6.1 MEDIUM |
| StarTrinity Softswitch version 2023-02-16 - Open Redirect (CWE-601) | |||||
| CVE-2023-39968 | 1 Jupyter | 1 Jupyter Server | 2024-02-28 | N/A | 6.1 MEDIUM |
| jupyter-server is the backend for Jupyter web applications. Open Redirect Vulnerability. Maliciously crafted login links to known Jupyter Servers can cause successful login or an already logged-in session to be redirected to arbitrary sites, which should be restricted to Jupyter Server-served URLs. This issue has been addressed in commit `29036259` which is included in release 2.7.2. Users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
| CVE-2023-37561 | 1 Elecom | 8 Wrh-300wh-h, Wrh-300wh-h Firmware, Wtc-300hwh and 5 more | 2024-02-28 | N/A | 6.1 MEDIUM |
| Open redirect vulnerability in ELECOM wireless LAN routers and ELECOM wireless LAN repeaters allows a remote unauthenticated attacker to redirect users to arbitrary web sites and conduct phishing attacks via a specially crafted URL. Affected products and versions are as follows: WRH-300WH-H v2.12 and earlier, WTC-300HWH v1.09 and earlier, WTC-C1167GC-B v1.17 and earlier, and WTC-C1167GC-W v1.17 and earlier. | |||||