Total
999 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-0681 | 1 Rapid7 | 1 Insightvm | 2024-02-28 | N/A | 6.1 MEDIUM |
| Rapid7 InsightVM versions 6.6.178 and lower suffers from an open redirect vulnerability, whereby an attacker has the ability to redirect the user to a site of the attacker’s choice using the ‘page’ parameter of the ‘data/console/redirect’ component of the application. This issue was resolved in the February, 2023 release of version 6.6.179. | |||||
| CVE-2023-22729 | 1 Silverstripe | 1 Framework | 2024-02-28 | N/A | 6.1 MEDIUM |
| Silverstripe Framework is the Model-View-Controller framework that powers the Silverstripe content management system. Prior to version 4.12.15, an attacker can display a link to a third party website on a login screen by convincing a legitimate content author to follow a specially crafted link. Users should upgrade to Silverstripe Framework 4.12.15 or above to address the issue. | |||||
| CVE-2020-21038 | 1 Typecho | 1 Typecho | 2024-02-28 | N/A | 6.1 MEDIUM |
| Open redirect vulnerability in typecho 1.1-17.10.30-release via the referer parameter to Login.php. | |||||
| CVE-2022-46407 | 1 Ericsson | 1 Network Manager | 2024-02-28 | N/A | 4.8 MEDIUM |
| Ericsson Network Manager (ENM), versions prior to 22.2, contains a vulnerability in the REST endpoint “editprofile” where Open Redirect HTTP Header Injection can lead to redirection of the submitted request to domain out of control of ENM deployment. The attacker would need admin/elevated access to exploit the vulnerability | |||||
| CVE-2023-33405 | 1 Blogengine | 1 Blogengine.net | 2024-02-28 | N/A | 6.1 MEDIUM |
| Blogengine.net 3.3.8.0 and earlier is vulnerable to Open Redirect. | |||||
| CVE-2023-29540 | 1 Mozilla | 2 Firefox, Focus | 2024-02-28 | N/A | 6.1 MEDIUM |
| Using a redirect embedded into <code>sourceMappingUrls</code> could allow for navigation to external protocol links in sandboxed iframes without <code>allow-top-navigation-to-custom-protocols</code>. This vulnerability affects Firefox for Android < 112, Firefox < 112, and Focus for Android < 112. | |||||
| CVE-2022-2237 | 1 Redhat | 2 Keycloak Node.js Adapter, Single Sign-on | 2024-02-28 | N/A | 6.1 MEDIUM |
| A flaw was found in the Keycloak Node.js Adapter. This flaw allows an attacker to benefit from an Open Redirect vulnerability in the checkSso function. | |||||
| CVE-2022-43950 | 1 Fortinet | 2 Fortinac, Fortinac-f | 2024-02-28 | N/A | 4.7 MEDIUM |
| A URL redirection to untrusted site ('Open Redirect') vulnerability [CWE-601] in FortiNAC-F version 7.2.0, FortiNAC version 9.4.1 and below, 9.2 all versions, 9.1 all versions, 8.8 all versions, 8.7 all versions may allow an unauthenticated attacker to redirect users to any arbitrary website via a crafted URL. | |||||
| CVE-2022-23527 | 2 Debian, Openidc | 2 Debian Linux, Mod Auth Openidc | 2024-02-28 | N/A | 6.1 MEDIUM |
| mod_auth_openidc is an OpenID Certified™ authentication and authorization module for the Apache 2.x HTTP server. Versions prior to 2.4.12.2 are vulnerable to Open Redirect. When providing a logout parameter to the redirect URI, the existing code in oidc_validate_redirect_url() does not properly check for URLs that start with /\t, leading to an open redirect. This issue has been patched in version 2.4.12.2. Users unable to upgrade can mitigate the issue by configuring mod_auth_openidc to only allow redirection when the destination matches a given regular expression with OIDCRedirectURLsAllowed. | |||||
| CVE-2022-44718 | 1 Netscout | 1 Ngeniusone | 2024-02-28 | N/A | 3.5 LOW |
| An issue was discovered in NetScout nGeniusONE 6.3.2 build 904. Open Redirection can occur (issue 2 of 2). After successful login, an attacker must visit the vulnerable parameter and inject a crafted payload to successfully redirect to an unknown host. The attack vector is Network, and the Attack Complexity required is High. Privileges required are administrator, User Interaction is required, and Scope is unchanged. The user must visit the vulnerable parameter and inject a crafted payload to successfully redirect to an unknown host. | |||||
| CVE-2022-43721 | 1 Apache | 1 Superset | 2024-02-28 | N/A | 5.4 MEDIUM |
| An authenticated attacker with update datasets permission could change a dataset link to an untrusted site, users could be redirected to this site when clicking on that specific dataset. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0. | |||||
| CVE-2022-46683 | 1 Jenkins | 1 Google Login | 2024-02-28 | N/A | 6.1 MEDIUM |
| Jenkins Google Login Plugin 1.4 through 1.6 (both inclusive) improperly determines that a redirect URL after login is legitimately pointing to Jenkins. | |||||
| CVE-2023-27292 | 1 Opencats | 1 Opencats | 2024-02-28 | N/A | 5.4 MEDIUM |
| An open redirect vulnerability exposes OpenCATS to template injection due to improper validation of user-supplied GET parameters. | |||||
| CVE-2022-45917 | 1 Ilias | 1 Ilias | 2024-02-28 | N/A | 6.1 MEDIUM |
| ILIAS before 7.16 has an Open Redirect. | |||||
| CVE-2023-22432 | 1 Web2py | 1 Web2py | 2024-02-28 | N/A | 6.1 MEDIUM |
| Open redirect vulnerability exists in web2py versions prior to 2.23.1. When using the tool, a web2py user may be redirected to an arbitrary website by accessing a specially crafted URL. As a result, the user may become a victim of a phishing attack. | |||||
| CVE-2023-22798 | 1 Brave | 1 Adblock-lists | 2024-02-28 | N/A | 6.1 MEDIUM |
| Prior to commit 51867e0d15a6d7f80d5b714fd0e9976b9c160bb0, https://github.com/brave/adblock-lists removed redirect interceptors on some websites like Facebook in which the redirect interceptor may have been there for security purposes. This could potentially cause open redirects on these websites. Brave's redirect interceptor removal feature is known as "debouncing" and is intended to remove unnecessary redirects that track users across the web. | |||||
| CVE-2022-4644 | 1 Ikus-soft | 1 Rdiffweb | 2024-02-28 | N/A | 6.1 MEDIUM |
| Open Redirect in GitHub repository ikus060/rdiffweb prior to 2.5.4. | |||||
| CVE-2022-41275 | 1 Sap | 1 Solution Manager | 2024-02-28 | N/A | 6.1 MEDIUM |
| In SAP Solution Manager (Enterprise Search) - versions 740, and 750, an unauthenticated attacker can generate a link that, if clicked by a logged-in user, can be redirected to a malicious page that could read or modify sensitive information, or expose the user to a phishing attack, with little impact on confidentiality and integrity. | |||||
| CVE-2022-34474 | 1 Mozilla | 1 Firefox | 2024-02-28 | N/A | 6.1 MEDIUM |
| Even when an iframe was sandboxed with <code>allow-top-navigation-by-user-activation</code>, if it received a redirect header to an external protocol the browser would process the redirect and prompt the user as appropriate. This vulnerability affects Firefox < 102. | |||||
| CVE-2023-23853 | 1 Sap | 1 Netweaver Application Server Abap | 2024-02-28 | N/A | 6.1 MEDIUM |
| An unauthenticated attacker in AP NetWeaver Application Server for ABAP and ABAP Platform - versions 700, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 789, 790, can craft a link which when clicked by an unsuspecting user can be used to redirect a user to a malicious site which could read or modify some sensitive information or expose the victim to a phishing attack. Vulnerability has no direct impact on availability. | |||||