Total: 999 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-32444 | 1 Yuba | 1 U5cms | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM |
An issue was discovered in u5cms version 8.3.5. There is a URL redirection vulnerability that can cause a user's browser to be redirected to another site via /loginsave.php. | |||||
CVE-2022-0165 | 1 King-theme | 1 Kingcomposer | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM |
The Page Builder KingComposer WordPress plugin through 2.9.6 does not validate the id parameter before redirecting the user to it via the kc_get_thumbn AJAX action, which is available to both unauthenticated and authenticated users. | |||||
CVE-2022-0697 | 1 Archivy Project | 1 Archivy | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM |
Open Redirect in GitHub repository archivy/archivy prior to 1.7.0. | |||||
CVE-2020-26877 | 1 Apifest | 1 Oauth 2.0 Server | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM |
ApiFest OAuth 2.0 Server 0.3.1 does not validate the redirect URI in accordance with RFC 6749 and is susceptible to an open redirector attack. Specifically, it directly sends an authorization code to the redirect URI submitted with the authorization request, without checking whether the redirect URI is registered by the client who initiated the request. This allows an attacker to craft a request with a manipulated redirect URI (redirect_uri parameter), which is under the attacker's control, and consequently obtain the leaked authorization code when the server redirects the client to the manipulated redirect URI with an authorization code. NOTE: this is similar to CVE-2019-3778. | |||||
CVE-2022-23798 | 1 Joomla | 1 Joomla! | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM |
An issue was discovered in Joomla! 2.5.0 through 3.10.6 & 4.0.0 through 4.1.0. Inadequate validation of URLs could result in an invalid check of whether a redirect URL is internal or not. | |||||
CVE-2022-2250 | 1 Gitlab | 1 Gitlab | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM |
An open redirect vulnerability in GitLab EE/CE affecting all versions from 11.1 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1, allows an attacker to redirect users to an arbitrary location if they trust the URL. | |||||
CVE-2022-25196 | 1 Jenkins | 1 Gitlab Authentication | 2024-02-28 | 4.9 MEDIUM | 5.4 MEDIUM |
Jenkins GitLab Authentication Plugin 1.13 and earlier records the HTTP Referer header as part of the URL query parameters when the authentication process starts, allowing attackers with access to Jenkins to craft a URL that will redirect users to an attacker-specified URL after logging in. | |||||
CVE-2022-0283 | 1 Gitlab | 1 Gitlab | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM |
An issue has been discovered affecting GitLab versions prior to 13.5. An open redirect vulnerability was fixed in GitLab integration with Jira that could cause the web application to redirect the request to the attacker-specified URL. | |||||
CVE-2021-46366 | 1 Magnolia-cms | 1 Magnolia Cms | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
An issue in the Login page of Magnolia CMS v6.2.3 and below allows attackers to exploit both an Open Redirect vulnerability and Cross-Site Request Forgery (CSRF) in order to brute force and exfiltrate users' credentials. | |||||
CVE-2022-30562 | 1 Dahuasecurity | 80 Asi7213x, Asi7213x-t1, Asi7213x-t1 Firmware and 77 more | 2024-02-28 | 4.0 MEDIUM | 4.7 MEDIUM |
If the user enables the HTTPS function on the device, an attacker can modify the user's request data packet through a man-in-the-middle attack. Injection of a malicious URL in the Host: header of the HTTP request results in a 302 redirect to an attacker-controlled page. | |||||
CVE-2022-26950 | 1 Rsa | 1 Archer | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM |
Archer 6.x through 6.9 P2 (6.9.0.2) is affected by an open redirect vulnerability. A remote unprivileged attacker may potentially redirect legitimate users to arbitrary web sites and conduct phishing attacks. The attacker could then steal the victims' credentials and silently authenticate them to the Archer application without the victims realizing an attack occurred. | |||||
CVE-2021-46379 | 1 Dlink | 2 Dir-850l, Dir-850l Firmware | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM |
DLink DIR850 ET850-1.08TRb03 is affected by an incorrect access control vulnerability through URL redirection to untrusted site. | |||||
CVE-2022-27463 | 1 Wwbn | 1 Avideo | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM |
Open redirect vulnerability in objects/login.json.php in WWBN AVideo through 11.6 allows attackers to arbitrarily redirect users from a crafted URL to the login page. | |||||
CVE-2022-30992 | 3 Acronis, Linux, Microsoft | 3 Cyber Protect, Linux Kernel, Windows | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM |
Open redirect via user-controlled query parameter. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 29240 | |||||
CVE-2022-0645 | 1 Posthog | 1 Posthog | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM |
Open redirect vulnerability via endpoint authorize_and_redirect/?redirect= in GitHub repository posthog/posthog prior to 1.34.1. | |||||
CVE-2022-0692 | 1 Alltube Project | 1 Alltube | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM |
Open Redirect on Rudloff/alltube in Packagist rudloff/alltube prior to 3.0.1. | |||||
CVE-2020-14118 | 1 Mi | 1 Mi App Store | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM |
An intent redirection vulnerability exists in the Mi App Store product. It is caused by the Mi App Store not verifying the validity of incoming data, and can cause the app store to automatically download and install apps. | |||||
CVE-2022-28215 | 1 Sap | 1 Netweaver Abap | 2024-02-28 | 4.3 MEDIUM | 4.7 MEDIUM |
SAP NetWeaver ABAP Server and ABAP Platform, versions 740, 750, 787, allow an unauthenticated attacker to redirect users to a malicious site due to insufficient URL validation. This could lead to the user being tricked into disclosing personal information. | |||||
CVE-2022-31040 | 1 Maykinmedia | 1 Open Forms | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM |
Open Forms is an application for creating and publishing smart forms. Prior to versions 1.0.9 and 1.1.1, the cookie consent page in Open Forms contains an open redirect by injecting a `referer` querystring parameter and failing to validate the value. A malicious actor is able to redirect users to a website under their control, opening them up for phishing attacks. The redirect is initiated by the Open Forms backend, which is a legitimate page, making it less obvious to end users that they are being redirected to a malicious website. Versions 1.0.9 and 1.1.1 contain patches for this issue. There are no known workarounds available. | |||||
CVE-2022-0560 | 1 Microweber | 1 Microweber | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM |
Open Redirect in Packagist microweber/microweber prior to 1.2.11. |