Total
999 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-23618 | 1 Xwiki | 1 Xwiki | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM |
| XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions there is no protection against URL redirection to untrusted sites, in particular some well known parameters (xredirect) can be used to perform url redirections. This problem has been patched in XWiki 12.10.7 and XWiki 13.3RC1. Users are advised to update. There are no known workarounds for this issue. | |||||
| CVE-2022-24858 | 1 Nextauth.js | 1 Next-auth | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM |
| next-auth v3 users before version 3.29.2 are impacted. next-auth version 4 users before version 4.3.2 are also impacted. Upgrading to 3.29.2 or 4.3.2 will patch this vulnerability. If you are not able to upgrade for any reason, you can add a configuration to your callbacks option. If you already have a `redirect` callback, make sure that you match the incoming `url` origin against the `baseUrl`. | |||||
| CVE-2021-23495 | 1 Karma Project | 1 Karma | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM |
| The package karma before 6.3.16 are vulnerable to Open Redirect due to missing validation of the return_url query parameter. | |||||
| CVE-2022-23102 | 1 Siemens | 1 Sinema Remote Connect Server | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM |
| A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2.0). Affected products contain an open redirect vulnerability. An attacker could trick a valid authenticated user to the device into clicking a malicious link there by leading to phishing attacks. | |||||
| CVE-2022-0122 | 1 Digitalbazaar | 1 Forge | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM |
| forge is vulnerable to URL Redirection to Untrusted Site | |||||
| CVE-2021-25028 | 1 Tri | 1 Event Tickets | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM |
| The Event Tickets WordPress plugin before 5.2.2 does not validate the tribe_tickets_redirect_to parameter before redirecting the user to the given value, leading to an arbitrary redirect issue | |||||
| CVE-2021-35205 | 1 Netscout | 1 Ngeniusone | 2024-02-28 | 4.9 MEDIUM | 5.4 MEDIUM |
| NETSCOUT Systems nGeniusONE version 6.3.0 build 1196 allows URL redirection in redirector. | |||||
| CVE-2021-3851 | 1 Firefly-iii | 1 Firefly Iii | 2024-02-28 | 4.9 MEDIUM | 5.4 MEDIUM |
| firefly-iii is vulnerable to URL Redirection to Untrusted Site | |||||
| CVE-2021-44528 | 1 Rubyonrails | 1 Rails | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM |
| A open redirect vulnerability exists in Action Pack >= 6.0.0 that could allow an attacker to craft a "X-Forwarded-Host" headers in combination with certain "allowed host" formats can cause the Host Authorization middleware in Action Pack to redirect users to a malicious website. | |||||
| CVE-2022-23599 | 1 Plone | 1 Plone | 2024-02-28 | 2.6 LOW | 6.1 MEDIUM |
| Products.ATContentTypes are the core content types for Plone 2.1 - 4.3. Versions of Plone that are dependent on Products.ATContentTypes prior to version 3.0.6 are vulnerable to reflected cross site scripting and open redirect when an attacker can get a compromised version of the image_view_fullscreen page in a cache, for example in Varnish. The technique is known as cache poisoning. Any later visitor can get redirected when clicking on a link on this page. Usually only anonymous users are affected, but this depends on the user's cache settings. Version 3.0.6 of Products.ATContentTypes has been released with a fix. This version works on Plone 5.2, Python 2 only. As a workaround, make sure the image_view_fullscreen page is not stored in the cache. More information about the vulnerability and cvmitigation measures is available in the GitHub Security Advisory. | |||||
| CVE-2020-18985 | 1 Synacor | 1 Zimbra Collaboration Suite | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM |
| An issue in /domain/service/.ewell-known/caldav of Zimbra Collaboration 8.8.12 allows attackers to redirect users to any arbitrary website of their choosing. | |||||
| CVE-2021-36191 | 1 Fortinet | 1 Fortiweb | 2024-02-28 | 4.9 MEDIUM | 5.4 MEDIUM |
| A url redirection to untrusted site ('open redirect') in Fortinet FortiWeb version 6.4.1 and below, 6.3.15 and below allows attacker to use the device as proxy via crafted GET parameters in requests to error handlers | |||||
| CVE-2021-20875 | 1 Groupsession | 1 Groupsession | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM |
| Open redirect vulnerability in GroupSession Free edition ver5.1.1 and earlier, GroupSession byCloud ver5.1.1 and earlier, and GroupSession ZION ver5.1.1 and earlier allows a remote unauthenticated attacker to redirect users to arbitrary web sites and conduct phishing attacks by having a user to access a specially crafted URL. | |||||
| CVE-2021-36332 | 1 Dell | 1 Emc Cloud Link | 2024-02-28 | 4.9 MEDIUM | 5.4 MEDIUM |
| Dell EMC CloudLink 7.1 and all prior versions contain a HTML and Javascript Injection Vulnerability. A remote low privileged attacker, may potentially exploit this vulnerability, directing end user to arbitrary and potentially malicious websites. | |||||
| CVE-2021-34772 | 1 Cisco | 1 Orbital | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM |
| A vulnerability in the web-based management interface of Cisco Orbital could allow an unauthenticated, remote attacker to redirect users to a malicious webpage. This vulnerability is due to improper validation of URL paths in the web-based management interface. An attacker could exploit this vulnerability by persuading a user to click a crafted URL. A successful exploit could allow the attacker to redirect a user to a malicious website. This vulnerability, known as an open redirect attack, is used in phishing attacks to persuade users to visit malicious sites. | |||||
| CVE-2021-43058 | 1 Replicated | 1 Replicated Classic | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM |
| An open redirect vulnerability exists in Replicated Classic versions prior to 2.53.1 that could lead to spoofing. To exploit this vulnerability, an attacker could send a link that has a specially crafted URL and convince the user to click the link, redirecting the user to an untrusted site. | |||||
| CVE-2021-45408 | 1 Seeddms | 1 Seeddms | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM |
| Open Redirect vulnerability exists in SeedDMS 6.0.15 in out.Login.php, which llows remote malicious users to redirect users to malicious sites using the "referuri" parameter. | |||||
| CVE-2021-23052 | 1 F5 | 1 Big-ip Access Policy Manager | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM |
| On version 14.1.x before 14.1.4.4 and all versions of 13.1.x, an open redirect vulnerability exists on virtual servers enabled with a BIG-IP APM access policy. This vulnerability allows an unauthenticated malicious user to build an open redirect URI. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | |||||
| CVE-2021-38678 | 1 Qnap | 1 Qcalagent | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM |
| An open redirect vulnerability has been reported to affect QNAP device running QcalAgent. If exploited, this vulnerability allows attackers to redirect users to an untrusted page that contains malware. We have already fixed this vulnerability in the following versions of QcalAgent: QcalAgent 1.1.7 and later | |||||
| CVE-2021-22963 | 1 Fastify | 1 Fastify-static | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM |
| A redirect vulnerability in the fastify-static module version < 4.2.4 allows remote attackers to redirect users to arbitrary websites via a double slash // followed by a domain: http://localhost:3000//google.com/%2e%2e.The issue shows up on all the fastify-static applications that set redirect: true option. By default, it is false. | |||||