Total
1018 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-35953 | 1 Joinbookwyrm | 1 Bookwyrm | 2024-11-21 | N/A | 7.1 HIGH |
| BookWyrm is a social network for tracking your reading, talking about books, writing reviews, and discovering what to read next. Some links in BookWyrm may be vulnerable to tabnabbing, a form of phishing that gives attackers an opportunity to redirect a user to a malicious site. The issue was patched in version 0.4.5. | |||||
| CVE-2022-35652 | 2 Fedoraproject, Moodle | 2 Fedora, Moodle | 2024-11-21 | N/A | 6.1 MEDIUM |
| An open redirect issue was found in Moodle due to improper sanitization of user-supplied data in mobile auto-login feature. A remote attacker can create a link that leads to a trusted website, however, when clicked, it redirects the victims to arbitrary URL/domain. Successful exploitation of this vulnerability may allow a remote attacker to perform a phishing attack and steal potentially sensitive information. | |||||
| CVE-2022-35406 | 1 Portswigger | 1 Burp Suite | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| A URL disclosure issue was discovered in Burp Suite before 2022.6. If a user views a crafted response in the Repeater or Intruder, it may be incorrectly interpreted as a redirect. | |||||
| CVE-2022-34474 | 1 Mozilla | 1 Firefox | 2024-11-21 | N/A | 6.1 MEDIUM |
| Even when an iframe was sandboxed with <code>allow-top-navigation-by-user-activation</code>, if it received a redirect header to an external protocol the browser would process the redirect and prompt the user as appropriate. This vulnerability affects Firefox < 102. | |||||
| CVE-2022-33712 | 2 Google, Samsung | 2 Android, Camera | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| Intent redirection vulnerability using implict intent in Camera prior to versions 12.0.01.64 ,12.0.3.23, 12.0.0.98, 12.0.6.11, 12.0.3.19 in Android S(12) allows attacker to get sensitive information. | |||||
| CVE-2022-33146 | 1 Web2py | 1 Web2py | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
| Open redirect vulnerability in web2py versions prior to 2.22.5 allows a remote attacker to redirect a user to an arbitrary web site and conduct a phishing attack by having a user to access a specially crafted URL. | |||||
| CVE-2022-32444 | 1 Yuba | 1 U5cms | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in u5cms verion 8.3.5 There is a URL redirection vulnerability that can cause a user's browser to be redirected to another site via /loginsave.php. | |||||
| CVE-2022-31735 | 1 Osstech | 1 Openam | 2024-11-21 | N/A | 6.1 MEDIUM |
| OpenAM Consortium Edition version 14.0.0 provided by OpenAM Consortium contains an open redirect vulnerability (CWE-601). When accessing an affected server through some specially crafted URL, the user may be redirected to an arbitrary website. | |||||
| CVE-2022-31657 | 3 Linux, Microsoft, Vmware | 6 Linux Kernel, Windows, Access Connector and 3 more | 2024-11-21 | N/A | 9.8 CRITICAL |
| VMware Workspace ONE Access and Identity Manager contain a URL injection vulnerability. A malicious actor with network access may be able to redirect an authenticated user to an arbitrary domain. | |||||
| CVE-2022-31193 | 1 Duraspace | 1 Dspace | 2024-11-21 | N/A | 7.1 HIGH |
| DSpace open source software is a repository application which provides durable access to digital resources. dspace-jspui is a UI component for DSpace. The JSPUI controlled vocabulary servlet is vulnerable to an open redirect attack, where an attacker can craft a malicious URL that looks like a legitimate DSpace/repository URL. When that URL is clicked by the target, it redirects them to a site of the attacker's choice. This issue has been patched in versions 5.11 and 6.4. Users are advised to upgrade. There are no known workaround for this vulnerability. | |||||
| CVE-2022-31151 | 1 Nodejs | 1 Undici | 2024-11-21 | N/A | 3.7 LOW |
| Authorization headers are cleared on cross-origin redirect. However, cookie headers which are sensitive headers and are official headers found in the spec, remain uncleared. There are active users using cookie headers in undici. This may lead to accidental leakage of cookie to a 3rd-party site or a malicious attacker who can control the redirection target (ie. an open redirector) to leak the cookie to the 3rd party site. This was patched in v5.7.1. By default, this vulnerability is not exploitable. Do not enable redirections, i.e. `maxRedirections: 0` (the default). | |||||
| CVE-2022-31040 | 1 Maykinmedia | 1 Open Forms | 2024-11-21 | 5.8 MEDIUM | 7.1 HIGH |
| Open Forms is an application for creating and publishing smart forms. Prior to versions 1.0.9 and 1.1.1, the cookie consent page in Open Forms contains an open redirect by injecting a `referer` querystring parameter and failing to validate the value. A malicious actor is able to redirect users to a website under their control, opening them up for phishing attacks. The redirect is initiated by the open forms backend which is a legimate page, making it less obvious to end users they are being redirected to a malicious website. Versions 1.0.9 and 1.1.1 contain patches for this issue. There are no known workarounds avaialble. | |||||
| CVE-2022-30992 | 3 Acronis, Linux, Microsoft | 3 Cyber Protect, Linux Kernel, Windows | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
| Open redirect via user-controlled query parameter. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 29240 | |||||
| CVE-2022-30706 | 1 Twinkletoessoftware | 1 Booked | 2024-11-21 | N/A | 6.1 MEDIUM |
| Open redirect vulnerability in Booked versions prior to 3.3 allows a remote unauthenticated attacker to redirect a user to an arbitrary web site and conduct a phishing attack by having a user to access a specially crafted URL. | |||||
| CVE-2022-30562 | 1 Dahuasecurity | 80 Asi7213x, Asi7213x-t1, Asi7213x-t1 Firmware and 77 more | 2024-11-21 | 4.0 MEDIUM | 4.7 MEDIUM |
| If the user enables the https function on the device, an attacker can modify the user’s request data packet through a man-in-the-middle attack ,Injection of a malicious URL in the Host: header of the HTTP Request results in a 302 redirect to an attacker-controlled page. | |||||
| CVE-2022-2837 | 1 Coredns.io | 1 Coredns | 2024-11-21 | N/A | 6.1 MEDIUM |
| A flaw was found in coreDNS. This flaw allows a malicious user to redirect traffic intended for external top-level domains (TLD) to a pod they control by creating projects and namespaces that match the TLD. | |||||
| CVE-2022-2252 | 1 Microweber | 1 Microweber | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
| Open Redirect in GitHub repository microweber/microweber prior to 1.2.19. | |||||
| CVE-2022-2250 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 5.8 MEDIUM | 4.7 MEDIUM |
| An open redirect vulnerability in GitLab EE/CE affecting all versions from 11.1 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1, allows an attacker to redirect users to an arbitrary location if they trust the URL. | |||||
| CVE-2022-2237 | 1 Redhat | 2 Keycloak Node.js Adapter, Single Sign-on | 2024-11-21 | N/A | 6.1 MEDIUM |
| A flaw was found in the Keycloak Node.js Adapter. This flaw allows an attacker to benefit from an Open Redirect vulnerability in the checkSso function. | |||||
| CVE-2022-29912 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2024-11-21 | N/A | 6.1 MEDIUM |
| Requests initiated through reader mode did not properly omit cookies with a SameSite attribute. This vulnerability affects Thunderbird < 91.9, Firefox ESR < 91.9, and Firefox < 100. | |||||