Total: 1018 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-42564 | 1 Cryptshare | 1 Cryptshare Server | 2024-11-21 | 4.9 MEDIUM | 5.4 MEDIUM |
An open redirect through HTML injection in confidential messages in Cryptshare before 5.1.0 allows remote attackers (with permission to provide confidential messages via Cryptshare) to redirect targeted victims to any URL via the '<meta http-equiv="refresh"' substring in the editor parameter. | |||||
CVE-2021-41826 | 1 Place | 1 Placeos Authentication | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
PlaceOS Authentication Service before 1.29.10.0 allows app/controllers/auth/sessions_controller.rb open redirect. | |||||
CVE-2021-41733 | 1 Oppia | 1 Oppia | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
Oppia 3.1.4 does not verify that certain URLs are valid before navigating to them. | |||||
CVE-2021-41180 | 1 Nextcloud | 1 Talk | 2024-11-21 | 4.0 MEDIUM | 4.7 MEDIUM |
Nextcloud Talk is a self-hosted messaging service. In versions prior to 12.1.2, an attacker is able to control the link of a geolocation preview in the Nextcloud Talk application due to a lack of validation on the link. This could result in an open redirect, but required user interaction. This only affected users of the Android Talk client. It is recommended that the Nextcloud Talk App is upgraded to 12.1.2. There are no known workarounds. | |||||
CVE-2021-40852 | 1 Tcman | 1 Gim | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
TCMAN GIM is affected by an open redirect vulnerability. This vulnerability allows the redirection of user navigation to pages controlled by the attacker. The exploitation of this vulnerability might allow a remote attacker to obtain information. | |||||
CVE-2021-3989 | 1 Showdoc | 1 Showdoc | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
showdoc is vulnerable to URL Redirection to Untrusted Site | |||||
CVE-2021-3851 | 1 Firefly-iii | 1 Firefly Iii | 2024-11-21 | 4.9 MEDIUM | 5.4 MEDIUM |
firefly-iii is vulnerable to URL Redirection to Untrusted Site | |||||
CVE-2021-3829 | 1 Openwhyd | 1 Openwhyd | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
openwhyd is vulnerable to URL Redirection to Untrusted Site | |||||
CVE-2021-3664 | 1 Url-parse Project | 1 Url-parse | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
url-parse is vulnerable to URL Redirection to Untrusted Site | |||||
CVE-2021-3654 | 2 Openstack, Redhat | 2 Nova, Openstack Platform | 2024-11-21 | 4.0 MEDIUM | 6.1 MEDIUM |
A vulnerability was found in openstack-nova's console proxy, noVNC. By crafting a malicious URL, noVNC could be made to redirect to any desired URL. | |||||
CVE-2021-3647 | 1 Uri.js Project | 1 Uri.js | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
URI.js is vulnerable to URL Redirection to Untrusted Site | |||||
CVE-2021-3639 | 1 Uninett | 1 Mod Auth Mellon | 2024-11-21 | N/A | 6.1 MEDIUM |
A flaw was found in mod_auth_mellon where it does not sanitize logout URLs properly. This issue could be used by an attacker to facilitate phishing attacks by tricking users into visiting a trusted web application URL that redirects to an external and potentially malicious server. The highest threat from this liability is to confidentiality and integrity. | |||||
CVE-2021-3189 | 1 Google | 1 Slashify | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
The slashify package 1.0.0 for Node.js allows open-redirect attacks, as demonstrated by a localhost:3000///example.com/ substring. | |||||
CVE-2021-39501 | 1 Eyoucms | 1 Eyoucms | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
EyouCMS 1.5.4 is vulnerable to Open Redirect. An attacker can redirect a user to a malicious URL via the Logout function. | |||||
CVE-2021-39425 | 1 Seeddms | 1 Seeddms | 2024-11-21 | N/A | 6.1 MEDIUM |
SeedDMS v6.0.15 was discovered to contain an open redirect vulnerability. An attacker may exploit this vulnerability to redirect users to arbitrary web URLs by tricking victims into clicking on crafted links. | |||||
CVE-2021-39191 | 3 Debian, Fedoraproject, Openidc | 3 Debian Linux, Fedora, Mod Auth Openidc | 2024-11-21 | 5.8 MEDIUM | 4.7 MEDIUM |
mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. In versions prior to 2.4.9.4, the 3rd-party init SSO functionality of mod_auth_openidc was reported to be vulnerable to an open redirect attack by supplying a crafted URL in the `target_link_uri` parameter. A patch in version 2.4.9.4 made it so that the `OIDCRedirectURLsAllowed` setting must be applied to the `target_link_uri` parameter. There are no known workarounds aside from upgrading to a patched version. | |||||
CVE-2021-39112 | 1 Atlassian | 4 Data Center, Jira, Jira Data Center and 1 more | 2024-11-21 | 4.9 MEDIUM | 4.8 MEDIUM |
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to redirect users to a malicious URL via a reverse tabnapping vulnerability in the Project Shortcuts feature. The affected versions are before version 8.5.15, from version 8.6.0 before 8.13.7, from version 8.14.0 before 8.17.1, and from version 8.18.0 before 8.18.1. | |||||
CVE-2021-38678 | 1 Qnap | 1 Qcalagent | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
An open redirect vulnerability has been reported to affect QNAP devices running QcalAgent. If exploited, this vulnerability allows attackers to redirect users to an untrusted page that contains malware. We have already fixed this vulnerability in the following versions of QcalAgent: QcalAgent 1.1.7 and later. | |||||
CVE-2021-38343 | 1 Kylephillips | 1 Nested Pages | 2024-11-21 | 5.8 MEDIUM | 4.7 MEDIUM |
The Nested Pages WordPress plugin <= 3.1.15 was vulnerable to an Open Redirect via the `page` POST parameter in the `npBulkActions`, `npBulkEdit`, `npListingSort`, and `npCategoryFilter` `admin_post` actions. | |||||
CVE-2021-38123 | 1 Microfocus | 1 Network Automation | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
Open Redirect vulnerability in Micro Focus Network Automation, affecting Network Automation versions 10.4x, 10.5x, 2018.05, 2018.11, 2019.05, 2020.02, 2020.08, 2020.11, 2021.05. The vulnerability could allow users to be redirected to malicious websites after authentication. |