Total
1018 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-0681 | 1 Rapid7 | 1 Insightvm | 2024-11-21 | N/A | 4.3 MEDIUM |
| Rapid7 InsightVM versions 6.6.178 and lower suffers from an open redirect vulnerability, whereby an attacker has the ability to redirect the user to a site of the attacker’s choice using the ‘page’ parameter of the ‘data/console/redirect’ component of the application. This issue was resolved in the February, 2023 release of version 6.6.179. | |||||
| CVE-2023-0155 | 1 Gitlab | 1 Gitlab | 2024-11-21 | N/A | 5.4 MEDIUM |
| An issue has been discovered in GitLab CE/EE affecting all versions before 15.8.5, 15.9.4, 15.10.1. Open redirects was possible due to framing arbitrary content on any page allowing user controlled markdown | |||||
| CVE-2023-0042 | 1 Gitlab | 1 Gitlab | 2024-11-21 | N/A | 6.1 MEDIUM |
| An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.4 prior to 15.5.7, 15.6 prior to 15.6.4, and 15.7 prior to 15.7.2. GitLab Pages allows redirection to arbitrary protocols. | |||||
| CVE-2022-4720 | 1 Ikus-soft | 1 Rdiffweb | 2024-11-21 | N/A | 6.1 MEDIUM |
| Open Redirect in GitHub repository ikus060/rdiffweb prior to 2.5.5. | |||||
| CVE-2022-4644 | 1 Ikus-soft | 1 Rdiffweb | 2024-11-21 | N/A | 6.1 MEDIUM |
| Open Redirect in GitHub repository ikus060/rdiffweb prior to 2.5.4. | |||||
| CVE-2022-4589 | 1 Django Terms And Conditions Project | 1 Django Terms And Conditions | 2024-11-21 | N/A | 5.5 MEDIUM |
| A vulnerability has been found in cyface Terms and Conditions Module up to 2.0.9 and classified as problematic. Affected by this vulnerability is the function returnTo of the file termsandconditions/views.py. The manipulation leads to open redirect. The attack can be launched remotely. Upgrading to version 2.0.10 is able to address this issue. The name of the patch is 03396a1c2e0af95e12a45c5faef7e47a4b513e1a. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-216175. | |||||
| CVE-2022-4317 | 1 Gitlab | 1 Dynamic Application Security Testing Analyzer | 2024-11-21 | N/A | 5.0 MEDIUM |
| An issue has been discovered in GitLab DAST analyzer affecting all versions starting from 1.47 before 3.0.51, which sends custom request headers in redirects. | |||||
| CVE-2022-48358 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | N/A | 7.4 HIGH |
| The BatteryHealthActivity has a redirection vulnerability. Successful exploitation of this vulnerability by a malicious app can cause service exceptions. | |||||
| CVE-2022-47500 | 1 Apache | 1 Helix | 2024-11-21 | N/A | 6.1 MEDIUM |
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Apache Software Foundation Apache Helix UI component.This issue affects Apache Helix all releases from 0.8.0 to 1.0.4. Solution: removed the the forward component since it was improper designed for UI embedding. User please upgrade to 1.1.0 to fix this issue. | |||||
| CVE-2022-46886 | 1 Servicenow | 1 Servicenow | 2024-11-21 | N/A | 5.5 MEDIUM |
| There exists an open redirect within the response list update functionality of ServiceNow. This allows attackers to redirect users to arbitrary domains when clicking on a URL within a service-now domain. | |||||
| CVE-2022-46784 | 1 Squaredup | 1 Dashboard Server | 2024-11-21 | N/A | 6.1 MEDIUM |
| SquaredUp Dashboard Server SCOM edition before 5.7.1 GA allows open redirection. (The issue was originally found in 5.5.1 GA.) | |||||
| CVE-2022-46683 | 1 Jenkins | 1 Google Login | 2024-11-21 | N/A | 6.1 MEDIUM |
| Jenkins Google Login Plugin 1.4 through 1.6 (both inclusive) improperly determines that a redirect URL after login is legitimately pointing to Jenkins. | |||||
| CVE-2022-46407 | 1 Ericsson | 1 Network Manager | 2024-11-21 | N/A | 4.8 MEDIUM |
| Ericsson Network Manager (ENM), versions prior to 22.2, contains a vulnerability in the REST endpoint “editprofile” where Open Redirect HTTP Header Injection can lead to redirection of the submitted request to domain out of control of ENM deployment. The attacker would need admin/elevated access to exploit the vulnerability | |||||
| CVE-2022-46288 | 1 Jacic | 1 Electronic Bidding Core System | 2024-11-21 | N/A | 6.1 MEDIUM |
| Open redirect vulnerability in DENSHI NYUSATSU CORE SYSTEM v6 R4 and earlier allows a remote unauthenticated attacker to redirect a user to an arbitrary web site and conduct a phishing attack by having a user to access a specially crafted URL. | |||||
| CVE-2022-45917 | 1 Ilias | 1 Ilias | 2024-11-21 | N/A | 6.1 MEDIUM |
| ILIAS before 7.16 has an Open Redirect. | |||||
| CVE-2022-45582 | 1 Openstack | 1 Horizon | 2024-11-21 | N/A | 6.1 MEDIUM |
| Open Redirect vulnerability in Horizon Web Dashboard 19.4.0 thru 20.1.4 via the success_url parameter. | |||||
| CVE-2022-45413 | 2 Google, Mozilla | 2 Android, Firefox | 2024-11-21 | N/A | 6.1 MEDIUM |
| Using the <code>S.browser_fallback_url parameter</code> parameter, an attacker could redirect a user to a URL and cause SameSite=Strict cookies to be sent.<br>*This issue only affects Firefox for Android. Other operating systems are not affected.*. This vulnerability affects Firefox < 107. | |||||
| CVE-2022-45402 | 1 Apache | 1 Airflow | 2024-11-21 | N/A | 6.1 MEDIUM |
| In Apache Airflow versions prior to 2.4.3, there was an open redirect in the webserver's `/login` endpoint. | |||||
| CVE-2022-45169 | 1 Liveboxcloud | 1 Vdesk | 2024-11-21 | N/A | 5.4 MEDIUM |
| An issue was discovered in LIVEBOX Collaboration vDesk through v031. A URL Redirection to an Untrusted Site (Open Redirect) can occur under the /api/v1/notification/createnotification endpoint, allowing an authenticated user to send an arbitrary push notification to any other user of the system. This push notification can include an (invisible) clickable link. | |||||
| CVE-2022-44718 | 1 Netscout | 1 Ngeniusone | 2024-11-21 | N/A | 3.5 LOW |
| An issue was discovered in NetScout nGeniusONE 6.3.2 build 904. Open Redirection can occur (issue 2 of 2). After successful login, an attacker must visit the vulnerable parameter and inject a crafted payload to successfully redirect to an unknown host. The attack vector is Network, and the Attack Complexity required is High. Privileges required are administrator, User Interaction is required, and Scope is unchanged. The user must visit the vulnerable parameter and inject a crafted payload to successfully redirect to an unknown host. | |||||