Total
999 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-30433 | 1 Ibm | 1 Security Verify Access | 2024-02-28 | N/A | 5.4 MEDIUM |
| IBM Security Verify Access 10.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 252186. | |||||
| CVE-2023-34916 | 1 Cms Project | 1 Cms | 2024-02-28 | N/A | 6.1 MEDIUM |
| Fuge CMS v1.0 contains an Open Redirect vulnerability via /front/ProcessAct.java. | |||||
| CVE-2023-45203 | 1 Projectworlds | 1 Online Examination System | 2024-02-28 | N/A | 6.1 MEDIUM |
| Online Examination System v1.0 is vulnerable to multiple Open Redirect vulnerabilities. The 'q' parameter of the login.php resource allows an attacker to redirect a victim user to an arbitrary web site using a crafted URL. | |||||
| CVE-2023-45909 | 1 Zzzcms | 1 Zzzphp | 2024-02-28 | N/A | 6.1 MEDIUM |
| zzzcms v2.2.0 was discovered to contain an open redirect vulnerability. | |||||
| CVE-2023-40306 | 1 Sap | 1 S\/4hana | 2024-02-28 | N/A | 6.1 MEDIUM |
| SAP S/4HANA Manage Catalog Items and Cross-Catalog searches Fiori apps allow an attacker to redirect users to a malicious site due to insufficient URL validation. As a result, it may have a slight impact on confidentiality and integrity. | |||||
| CVE-2023-37624 | 1 Netdisco | 1 Netdisco | 2024-02-28 | N/A | 6.1 MEDIUM |
| Netdisco before v2.063000 was discovered to contain an open redirect vulnerability. An attacker may exploit this vulnerability to redirect users to arbitrary web URLs by tricking the victim users to click on crafted links. | |||||
| CVE-2023-5375 | 1 Mosparo | 1 Mosparo | 2024-02-28 | N/A | 6.1 MEDIUM |
| Open Redirect in GitHub repository mosparo/mosparo prior to 1.0.2. | |||||
| CVE-2023-28020 | 1 Hcltech | 1 Bigfix Webui | 2024-02-28 | N/A | 6.1 MEDIUM |
| URL redirection in Login page in HCL BigFix WebUI allows malicious user to redirect the client browser to an external site via redirect URL response header. | |||||
| CVE-2021-46898 | 1 Vonautomatisch | 1 Django Grappelli | 2024-02-28 | N/A | 6.1 MEDIUM |
| views/switch.py in django-grappelli (aka Django Grappelli) before 2.15.2 attempts to prevent external redirection with startswith("/") but this does not consider a protocol-relative URL (e.g., //example.com) attack. | |||||
| CVE-2023-23957 | 1 Symantec | 1 Identity Portal | 2024-02-28 | N/A | 5.4 MEDIUM |
| An authenticated user can see and modify the value for ‘next’ query parameter in Symantec Identity Portal 14.4 | |||||
| CVE-2023-34917 | 1 Cms Project | 1 Cms | 2024-02-28 | N/A | 6.1 MEDIUM |
| Fuge CMS v1.0 contains an Open Redirect vulnerability in member/RegisterAct.java. | |||||
| CVE-2021-39425 | 1 Seeddms | 1 Seeddms | 2024-02-28 | N/A | 6.1 MEDIUM |
| SeedDMS v6.0.15 was discovered to contain an open redirect vulnerability. An attacker may exploit this vulnerability to redirect users to arbitrary web URLs by tricking the victim users to click on crafted links. | |||||
| CVE-2023-45201 | 1 Projectworlds | 1 Online Examination System | 2024-02-28 | N/A | 6.1 MEDIUM |
| Online Examination System v1.0 is vulnerable to multiple Open Redirect vulnerabilities. The 'q' parameter of the admin.php resource allows an attacker to redirect a victim user to an arbitrary web site using a crafted URL. | |||||
| CVE-2023-20263 | 1 Cisco | 1 Hyperflex Hx Data Platform | 2024-02-28 | N/A | 6.1 MEDIUM |
| A vulnerability in the web-based management interface of Cisco HyperFlex HX Data Platform could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability is due to improper input validation of the parameters in an HTTP request. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to redirect a user to a malicious website. | |||||
| CVE-2023-35791 | 1 Vound-software | 1 Intella Connect | 2024-02-28 | N/A | 6.1 MEDIUM |
| Vound Intella Connect 2.6.0.3 has an Open Redirect vulnerability. | |||||
| CVE-2023-41609 | 1 Couchcms | 1 Couchcms | 2024-02-28 | N/A | 6.1 MEDIUM |
| An open redirect vulnerability in the sanitize_url() parameter of CouchCMS v2.3 allows attackers to redirect a victim user to an arbitrary web site via a crafted URL. | |||||
| CVE-2023-20886 | 1 Vmware | 1 Workspace One Uem | 2024-02-28 | N/A | 6.1 MEDIUM |
| VMware Workspace ONE UEM console contains an open redirect vulnerability. A malicious actor may be able to redirect a victim to an attacker and retrieve their SAML response to login as the victim user. | |||||
| CVE-2023-40779 | 1 Icewarp | 1 Deep Castle G2 | 2024-02-28 | N/A | 6.1 MEDIUM |
| An issue in IceWarp Mail Server Deep Castle 2 v.13.0.1.2 allows a remote attacker to execute arbitrary code via a crafted request to the URL. | |||||
| CVE-2023-35029 | 1 Liferay | 2 Dxp, Liferay Portal | 2024-02-28 | N/A | 6.1 MEDIUM |
| Open redirect vulnerability in the Layout module's SEO configuration in Liferay Portal 7.4.3.70 through 7.4.3.76, and Liferay DXP 7.4 update 70 through 76 allows remote attackers to redirect users to arbitrary external URLs via the `_com_liferay_layout_admin_web_portlet_GroupPagesPortlet_backURL` parameter. | |||||
| CVE-2023-22641 | 1 Fortinet | 2 Fortios, Fortiproxy | 2024-02-28 | N/A | 5.4 MEDIUM |
| A url redirection to untrusted site ('open redirect') in Fortinet FortiOS version 7.2.0 through 7.2.3, FortiOS version 7.0.0 through 7.0.9, FortiOS versions 6.4.0 through 6.4.12, FortiOS all versions 6.2, FortiOS all versions 6.0, FortiProxy version 7.2.0 through 7.2.2, FortiProxy version 7.0.0 through 7.0.8, FortiProxy all versions 2.0, FortiProxy all versions 1.2, FortiProxy all versions 1.1, FortiProxy all versions 1.0 allows an authenticated attacker to execute unauthorized code or commands via specially crafted requests. | |||||