Total
999 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-32551 | 1 Canonical | 1 Landscape | 2024-02-28 | N/A | 6.1 MEDIUM |
Landscape allowed URLs which caused open redirection. | |||||
CVE-2022-37940 | 1 Hpe | 4 Flexfabric 5700 40xg 2qsfp\+, Flexfabric 5700 40xg 2qsfp\+ Firmware, Flexfabric 5700 48g 4xg 2qsfp\+ and 1 more | 2024-02-28 | N/A | 6.1 MEDIUM |
Potential security vulnerabilities have been identified in the HPE FlexFabric 5700 Switch Series. These vulnerabilities could be remotely exploited to allow host header injection and URL redirection. HPE has made the following software to resolve the vulnerability in HPE FlexFabric 5700 Switch Series version R2432P61 or later. | |||||
CVE-2023-34415 | 1 Mozilla | 1 Firefox | 2024-02-28 | N/A | 6.1 MEDIUM |
When choosing a site-isolated process for a document loaded from a data: URL that was the result of a redirect, Firefox would load that document in the same process as the site that issued the redirect. This bypassed the site-isolation protections against Spectre-like attacks on sites that host an "open redirect". Firefox no longer follows HTTP redirects to data: URLs. This vulnerability affects Firefox < 114. | |||||
CVE-2023-28364 | 1 Brave | 1 Browser | 2024-02-28 | N/A | 6.1 MEDIUM |
An Open Redirect vulnerability exists prior to version 1.52.117, where the built-in QR scanner in Brave Browser Android navigated to scanned URLs automatically without showing the URL first. Now the user must manually navigate to the URL. | |||||
CVE-2023-0155 | 1 Gitlab | 1 Gitlab | 2024-02-28 | N/A | 5.4 MEDIUM |
An issue has been discovered in GitLab CE/EE affecting all versions before 15.8.5, 15.9.4, 15.10.1. Open redirects was possible due to framing arbitrary content on any page allowing user controlled markdown | |||||
CVE-2023-22256 | 1 Adobe | 2 Experience Manager, Experience Manager Cloud Service | 2024-02-28 | N/A | 5.4 MEDIUM |
Experience Manager versions 6.5.15.0 (and earlier) are affected by a URL Redirection to Untrusted Site ('Open Redirect') vulnerability. A low-privilege authenticated attacker could leverage this vulnerability to redirect users to malicious websites. Exploitation of this issue requires user interaction. | |||||
CVE-2023-23754 | 1 Joomla | 1 Joomla\! | 2024-02-28 | N/A | 6.1 MEDIUM |
An issue was discovered in Joomla! 4.2.0 through 4.3.1. Lack of input validation caused an open redirect and XSS issue within the new mfa selection screen. | |||||
CVE-2023-22263 | 1 Adobe | 2 Experience Manager, Experience Manager Cloud Service | 2024-02-28 | N/A | 5.4 MEDIUM |
Experience Manager versions 6.5.15.0 (and earlier) are affected by a URL Redirection to Untrusted Site ('Open Redirect') vulnerability. A low-privilege authenticated attacker could leverage this vulnerability to redirect users to malicious websites. Exploitation of this issue requires user interaction. | |||||
CVE-2023-35171 | 1 Nextcloud | 1 Nextcloud Server | 2024-02-28 | N/A | 6.1 MEDIUM |
NextCloud Server and NextCloud Enterprise Server provide file storage for Nextcloud, a self-hosted productivity platform. Starting in version 26.0.0 and prior to version 26.0.2, an attacker could supply a URL that redirects an unsuspecting victim from a legitimate domain to an attacker's site. Nextcloud Server and Nextcloud Enterprise Server 26.0.2 contain a patch for this issue. No known workarounds are available. | |||||
CVE-2023-20884 | 3 Linux, Microsoft, Vmware | 6 Linux Kernel, Windows, Cloud Foundation and 3 more | 2024-02-28 | N/A | 6.1 MEDIUM |
VMware Workspace ONE Access and VMware Identity Manager contain an insecure redirect vulnerability. An unauthenticated malicious actor may be able to redirect a victim to an attacker controlled domain due to improper path handling leading to sensitive information disclosure. | |||||
CVE-2023-29204 | 1 Xwiki | 1 Xwiki | 2024-02-28 | N/A | 6.1 MEDIUM |
XWiki Commons are technical libraries common to several other top level XWiki projects. It is possible to bypass the existing security measures put in place to avoid open redirect by using a redirect such as `//mydomain.com` (i.e. omitting the `http:`). It was also possible to bypass it when using URL such as `http:/mydomain.com`. The problem has been patched on XWiki 13.10.10, 14.4.4 and 14.8RC1. | |||||
CVE-2023-22261 | 1 Adobe | 2 Experience Manager, Experience Manager Cloud Service | 2024-02-28 | N/A | 5.4 MEDIUM |
Experience Manager versions 6.5.15.0 (and earlier) are affected by a URL Redirection to Untrusted Site ('Open Redirect') vulnerability. A low-privilege authenticated attacker could leverage this vulnerability to redirect users to malicious websites. Exploitation of this issue requires user interaction. | |||||
CVE-2023-35948 | 1 Novu | 1 Novu | 2024-02-28 | N/A | 6.1 MEDIUM |
Novu provides an API for sending notifications through multiple channels. Versions prior to 0.16.0 contain an open redirect vulnerability in the "Sign In with GitHub" functionality of Novu's open-source repository. It could have allowed an attacker to force a victim into opening a malicious URL and thus, potentially log into the repository under the victim's account gaining full control of the account. This vulnerability only affected the Novu Cloud and Open-Source deployments if the user manually enabled the GitHub OAuth on their self-hosted instance of Novu. Users should upgrade to version 0.16.0 to receive a patch. | |||||
CVE-2022-1230 | 1 Samsung | 2 Galaxy S21, Galaxy S21 Firmware | 2024-02-28 | N/A | 3.9 LOW |
This vulnerability allows local attackers to execute arbitrary code on affected installations of Samsung Galaxy S21 prior to 4.5.40.5 phones. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of redirections. An attacker can force a redirection to a site that serves malicious content. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the current user. Was ZDI-CAN-15918. | |||||
CVE-2023-34224 | 1 Jetbrains | 1 Teamcity | 2024-02-28 | N/A | 4.8 MEDIUM |
In JetBrains TeamCity before 2023.05 open redirect during oAuth configuration was possible | |||||
CVE-2023-22259 | 1 Adobe | 2 Experience Manager, Experience Manager Cloud Service | 2024-02-28 | N/A | 5.4 MEDIUM |
Experience Manager versions 6.5.15.0 (and earlier) are affected by a URL Redirection to Untrusted Site ('Open Redirect') vulnerability. A low-privilege authenticated attacker could leverage this vulnerability to redirect users to malicious websites. Exploitation of this issue requires user interaction. | |||||
CVE-2023-29307 | 1 Adobe | 2 Experience Manager, Experience Manager Cloud Service | 2024-02-28 | N/A | 5.4 MEDIUM |
Adobe Experience Manager versions 6.5.16.0 (and earlier) is affected by a URL Redirection to Untrusted Site ('Open Redirect') vulnerability. A low-privilege authenticated attacker could leverage this vulnerability to redirect users to malicious websites. Exploitation of this issue requires user interaction. | |||||
CVE-2023-32218 | 1 Avaya | 1 Ix Workforce Engagement | 2024-02-28 | N/A | 6.1 MEDIUM |
Avaya IX Workforce Engagement v15.2.7.1195 - CWE-601: URL Redirection to Untrusted Site ('Open Redirect') | |||||
CVE-2023-22264 | 1 Adobe | 2 Experience Manager, Experience Manager Cloud Service | 2024-02-28 | N/A | 5.4 MEDIUM |
Experience Manager versions 6.5.15.0 (and earlier) are affected by a URL Redirection to Untrusted Site ('Open Redirect') vulnerability. A low-privilege authenticated attacker could leverage this vulnerability to redirect users to malicious websites. Exploitation of this issue requires user interaction. | |||||
CVE-2022-46886 | 1 Servicenow | 1 Servicenow | 2024-02-28 | N/A | 6.1 MEDIUM |
There exists an open redirect within the response list update functionality of ServiceNow. This allows attackers to redirect users to arbitrary domains when clicking on a URL within a service-now domain. |