Total
999 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-24735 | 1 Sigb | 1 Pmb | 2024-02-28 | N/A | 6.1 MEDIUM |
PMB v7.4.6 was discovered to contain an open redirect vulnerability via the component /opac_css/pmb.php. This vulnerability allows attackers to redirect victim users to an external domain via a crafted URL. | |||||
CVE-2022-38779 | 1 Elastic | 1 Kibana | 2024-02-28 | N/A | 6.1 MEDIUM |
An open redirect issue was discovered in Kibana that could lead to a user being redirected to an arbitrary website if they use a maliciously crafted Kibana URL. | |||||
CVE-2022-39183 | 1 Moodle | 1 Saml Authentication | 2024-02-28 | N/A | 6.1 MEDIUM |
Moodle Plugin - SAML Auth may allow Open Redirect through unspecified vectors. | |||||
CVE-2023-22418 | 1 F5 | 12 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 9 more | 2024-02-28 | N/A | 6.1 MEDIUM |
On versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15.1.x before 15.1.7, 14.1.x before 14.1.5.3, and all versions of 13.1.x, an open redirect vulnerability exists on virtual servers enabled with a BIG-IP APM access policy. This vulnerability allows an unauthenticated malicious attacker to build an open redirect URI. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | |||||
CVE-2022-43479 | 1 Ss-proj | 1 Shirasagi | 2024-02-28 | N/A | 6.1 MEDIUM |
Open redirect vulnerability in SHIRASAGI v1.14.4 to v1.15.0 allows a remote unauthenticated attacker to redirect users to an arbitrary web site and conduct a phishing attack. | |||||
CVE-2022-2837 | 1 Coredns.io | 1 Coredns | 2024-02-28 | N/A | 6.1 MEDIUM |
A flaw was found in coreDNS. This flaw allows a malicious user to redirect traffic intended for external top-level domains (TLD) to a pod they control by creating projects and namespaces that match the TLD. | |||||
CVE-2022-44717 | 1 Netscout | 1 Ngeniusone | 2024-02-28 | N/A | 3.1 LOW |
An issue was discovered in NetScout nGeniusONE 6.3.2 build 904. Open Redirection can occur (issue 1 of 2). After successful login, an attacker must visit the vulnerable parameter and inject a crafted payload to successfully redirect to an unknown host. The attack vector is Network, and the Attack Complexity required is High. Privileges required are administrator, User Interaction is required, and Scope is unchanged. The user must visit the vulnerable parameter and inject a crafted payload to successfully redirect to an unknown host. | |||||
CVE-2022-28923 | 1 Caddyserver | 1 Caddy | 2024-02-28 | N/A | 6.1 MEDIUM |
Caddy v2.4.6 was discovered to contain an open redirection vulnerability which allows attackers to redirect users to phishing websites via crafted URLs. | |||||
CVE-2022-38662 | 1 Hcltech | 1 Hcl Digital Experience | 2024-02-28 | N/A | 6.1 MEDIUM |
In HCL Digital Experience, URLs can be constructed to redirect users to untrusted sites. | |||||
CVE-2022-45413 | 2 Google, Mozilla | 2 Android, Firefox | 2024-02-28 | N/A | 6.1 MEDIUM |
Using the `S.browser_fallback_url` parameter, an attacker could redirect a user to a URL and cause SameSite=Strict cookies to be sent. *This issue only affects Firefox for Android. Other operating systems are not affected.* This vulnerability affects Firefox < 107. | |||||
CVE-2022-0637 | 1 Mozilla | 1 Pollbot | 2024-02-28 | N/A | 6.1 MEDIUM |
Open redirect in pollbot (pollbot.services.mozilla.com) in versions before 1.4.6. | |||||
CVE-2023-0748 | 1 Btcpayserver | 1 Btcpayserver | 2024-02-28 | N/A | 6.1 MEDIUM |
Open Redirect in GitHub repository btcpayserver/btcpayserver prior to 1.7.6. | |||||
CVE-2023-24445 | 1 Jenkins | 1 Openid | 2024-02-28 | N/A | 6.1 MEDIUM |
Jenkins OpenID Plugin 2.4 and earlier improperly determines that a redirect URL after login is legitimately pointing to Jenkins. | |||||
CVE-2022-3381 | 1 Gitlab | 1 Gitlab | 2024-02-28 | N/A | 6.1 MEDIUM |
An issue has been discovered in GitLab affecting all versions starting from 10.0 to 15.7.8, 15.8 prior to 15.8.4 and 15.9 prior to 15.9.2. A crafted URL could be used to redirect users to arbitrary sites. | |||||
CVE-2022-4720 | 1 Ikus-soft | 1 Rdiffweb | 2024-02-28 | N/A | 6.1 MEDIUM |
Open Redirect in GitHub repository ikus060/rdiffweb prior to 2.5.5. | |||||
CVE-2022-38657 | 1 Hcltech | 1 Hcl Leap | 2024-02-28 | N/A | 5.4 MEDIUM |
An open redirect to malicious sites can occur when accessing the "Feedback" action on the manager page. | |||||
CVE-2022-3614 | 1 Octopus | 1 Octopus Server | 2024-02-28 | N/A | 6.1 MEDIUM |
In affected versions of Octopus Deploy users of certain browsers using AD to sign-in to Octopus Server were able to bypass authentication checks and be redirected to the configured redirect url without any validation. | |||||
CVE-2022-29910 | 2 Google, Mozilla | 2 Android, Firefox | 2024-02-28 | N/A | 6.1 MEDIUM |
When closed or sent to the background, Firefox for Android would not properly record and persist HSTS settings. *Note: This issue only affected Firefox for Android. Other operating systems are unaffected.* This vulnerability affects Firefox < 100. | |||||
CVE-2022-41559 | 1 Tibco | 1 Nimbus | 2024-02-28 | N/A | 9.3 CRITICAL |
The Web Client component of TIBCO Software Inc.'s TIBCO Nimbus contains an easily exploitable vulnerability that allows an unauthenticated attacker with network access to exploit an open redirect on the affected system. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s TIBCO Nimbus: version 10.5.0. | |||||
CVE-2022-25295 | 1 Getgophish | 1 Gophish | 2024-02-28 | N/A | 5.4 MEDIUM |
This affects the package github.com/gophish/gophish before 0.12.0. The Open Redirect vulnerability exists in the next query parameter. The application uses url.Parse(r.FormValue("next")) to extract path and eventually redirect user to a relative URL, but if next parameter starts with multiple backslashes like \\\\\\example.com, browser will redirect user to http://example.com. |