Vulnerabilities (CVE)

Filtered by CWE-601
Total 1018 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-23184 1 Octopus 2 Octopus Deploy, Octopus Server 2024-11-21 5.8 MEDIUM 6.1 MEDIUM
In affected Octopus Server versions when the server HTTP and HTTPS bindings are configured to localhost, Octopus Server will allow open redirects.
CVE-2022-23102 1 Siemens 1 Sinema Remote Connect Server 2024-11-21 5.8 MEDIUM 6.1 MEDIUM
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2.0). Affected products contain an open redirect vulnerability. An attacker could trick a valid authenticated user to the device into clicking a malicious link there by leading to phishing attacks.
CVE-2022-23078 1 Habitica 1 Habitica 2024-11-21 5.8 MEDIUM N/A
In habitica versions v4.119.0 through v4.232.2 are vulnerable to open redirect via the login page.
CVE-2022-22919 1 Adenza 1 Axiomsl Controllerview 2024-11-21 5.8 MEDIUM 6.1 MEDIUM
Adenza AxiomSL ControllerView through 10.8.1 allows redirection for SSO login URLs.
CVE-2022-22797 1 Sysaid 1 Sysaid 2024-11-21 5.8 MEDIUM 4.6 MEDIUM
Sysaid – sysaid Open Redirect - An Attacker can change the redirect link at the parameter "redirectURL" from"GET" request from the url location: /CommunitySSORedirect.jsp?redirectURL=https://google.com. Unvalidated redirects and forwards are possible when a web application accepts untrusted input that could cause the web application to redirect the request to a URL contained within untrusted input. By modifying untrusted URL input to a malicious site, an attacker may successfully launch a phishing scam and steal user credentials.
CVE-2022-21651 1 Shopware 1 Shopware 2024-11-21 5.8 MEDIUM 6.8 MEDIUM
Shopware is an open source e-commerce software platform. An open redirect vulnerability has been discovered. Users may be arbitrary redirected due to incomplete URL handling in the shopware router. This issue has been resolved in version 5.7.7. There is no workaround and users are advised to upgrade as soon as possible.
CVE-2022-20794 1 Cisco 2 Roomos, Telepresence Collaboration Endpoint 2024-11-21 4.3 MEDIUM 6.5 MEDIUM
Multiple vulnerabilities in the web engine of Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow a remote attacker to cause a denial of service (DoS) condition, view sensitive data on an affected device, or redirect users to an attacker-controlled destination. For more information about these vulnerabilities, see the Details section of this advisory.
CVE-2022-1774 1 Diagrams 1 Drawio 2024-11-21 5.8 MEDIUM 6.1 MEDIUM
Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository jgraph/drawio prior to 18.0.7.
CVE-2022-1702 1 Sonicwall 10 Sma 6200, Sma 6200 Firmware, Sma 6210 and 7 more 2024-11-21 5.8 MEDIUM 6.1 MEDIUM
SonicWall SMA1000 series firmware 12.4.0, 12.4.1-02965 and earlier versions accept a user-controlled input that specifies a link to an external site and uses that link in a redirect which leads to Open redirection vulnerability.
CVE-2022-1254 1 Mcafee 1 Web Gateway 2024-11-21 5.8 MEDIUM 6.1 MEDIUM
A URL redirection vulnerability in Skyhigh SWG in main releases 10.x prior to 10.2.9, 9.x prior to 9.2.20, 8.x prior to 8.2.27, and 7.x prior to 7.8.2.31, and controlled release 11.x prior to 11.1.3 allows a remote attacker to redirect a user to a malicious website controlled by the attacker. This is possible because SWG incorrectly creates a HTTP redirect response when a user clicks a carefully constructed URL. Following the redirect response, the new request is still filtered by the SWG policy.
CVE-2022-1233 1 Uri.js Project 1 Uri.js 2024-11-21 5.8 MEDIUM 6.1 MEDIUM
URL Confusion When Scheme Not Supplied in GitHub repository medialize/uri.js prior to 1.19.11.
CVE-2022-1230 1 Samsung 2 Galaxy S21, Galaxy S21 Firmware 2024-11-21 N/A 3.9 LOW
This vulnerability allows local attackers to execute arbitrary code on affected installations of Samsung Galaxy S21 prior to 4.5.40.5 phones. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of redirections. An attacker can force a redirection to a site that serves malicious content. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the current user. Was ZDI-CAN-15918.
CVE-2022-1058 1 Gitea 1 Gitea 2024-11-21 5.8 MEDIUM 6.1 MEDIUM
Open Redirect on login in GitHub repository go-gitea/gitea prior to 1.16.5.
CVE-2022-1019 1 Automatedlogic 1 Webctrl Server 2024-11-21 5.8 MEDIUM 5.2 MEDIUM
Automated Logic's WebCtrl Server Version 6.1 'Help' index pages are vulnerable to open redirection. The vulnerability allows an attacker to send a maliciously crafted URL which could result in redirecting the user to a malicious webpage or downloading a malicious file.
CVE-2022-0869 1 Spirit-project 1 Spirit 2024-11-21 5.8 MEDIUM 6.1 MEDIUM
Multiple Open Redirect in GitHub repository nitely/spirit prior to 0.12.3.
CVE-2022-0868 1 Uri.js Project 1 Uri.js 2024-11-21 5.8 MEDIUM 6.1 MEDIUM
Open Redirect in GitHub repository medialize/uri.js prior to 1.19.10.
CVE-2022-0697 1 Archivy Project 1 Archivy 2024-11-21 5.8 MEDIUM 6.1 MEDIUM
Open Redirect in GitHub repository archivy/archivy prior to 1.7.0.
CVE-2022-0692 1 Alltube Project 1 Alltube 2024-11-21 5.8 MEDIUM 6.1 MEDIUM
Open Redirect on Rudloff/alltube in Packagist rudloff/alltube prior to 3.0.1.
CVE-2022-0645 1 Posthog 1 Posthog 2024-11-21 5.8 MEDIUM 6.1 MEDIUM
Open redirect vulnerability via endpoint authorize_and_redirect/?redirect= in GitHub repository posthog/posthog prior to 1.34.1.
CVE-2022-0637 1 Mozilla 1 Pollbot 2024-11-21 N/A 6.1 MEDIUM
open redirect in pollbot (pollbot.services.mozilla.com) in versions before 1.4.6