Vulnerabilities (CVE)

Filtered by CWE-601
Total 999 CVE
CVE | Vendors (count: names) | Products (count: names) | Updated | CVSS v2 | CVSS v3
CVE-2021-23435 | 1: Thoughtbot | 1: Clearance | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM
This affects the package clearance before 2.5.0. The vulnerability is possible when users are able to set the value of session[:return_to]. If the value used for return_to contains multiple leading slashes (/////example.com), the user ends up being redirected to the external domain that comes after the slashes (http://example.com).
CVE-2021-20031 | 1: Sonicwall | 59: Nsa 2650, Nsa 2700, Nsa 3650 and 56 more | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM
A Host Header Redirection vulnerability in SonicOS potentially allows a remote attacker to redirect firewall management users to arbitrary web domains.
CVE-2021-22526 | 1: Microfocus | 1: Access Manager | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM
Open Redirection vulnerability in NetIQ Access Manager prior to 5.0.1 and 4.5.4.
CVE-2021-32805 | 1: Flask-appbuilder Project | 1: Flask-appbuilder | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM
Flask-AppBuilder is an application development framework, built on top of Flask. In affected versions, if using Flask-AppBuilder OAuth, an attacker can share a carefully crafted URL with a trusted domain for an application built with Flask-AppBuilder; this URL can redirect a user to a malicious site. This is an open redirect vulnerability. To resolve this issue, upgrade to Flask-AppBuilder 3.2.2 or above. If upgrading is infeasible, users may filter HTTP traffic containing `?next={next-site}` where the `next-site` domain is different from the application you are protecting as a workaround.
CVE-2021-22964 | 1: Fastify | 1: Fastify-static | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH
A redirect vulnerability in the `fastify-static` module version >= 4.2.4 and < 4.4.1 allows remote attackers to redirect Mozilla Firefox users to arbitrary websites via a double slash `//` followed by a domain: `http://localhost:3000//a//youtube.com/%2e%2e%2f%2e%2e`. A DoS vulnerability is possible if the URL contains invalid characters: `curl --path-as-is "http://localhost:3000//^/.."`. The issue shows up on all `fastify-static` applications that set the `redirect: true` option. By default, it is `false`.
CVE-2021-20806 | 1: Cybozu | 1: Remote Service Manager | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM
Open redirect vulnerability in Cybozu Remote Service 3.0.0 to 3.1.9 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
CVE-2021-43064 | 1: Fortinet | 1: Fortiweb | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM
A URL redirection to untrusted site ('open redirect') in Fortinet FortiWeb version 6.4.1 and 6.4.0, version 6.3.15 and below, version 6.2.6 and below allows an attacker to use the device as a proxy and reach external or protected hosts via redirection handlers.
CVE-2021-41826 | 1: Place | 1: Placeos Authentication | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM
PlaceOS Authentication Service before 1.29.10.0 allows an open redirect in app/controllers/auth/sessions_controller.rb.
CVE-2021-3829 | 1: Openwhyd | 1: Openwhyd | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM
openwhyd is vulnerable to URL Redirection to Untrusted Site.
CVE-2021-42564 | 1: Cryptshare | 1: Cryptshare Server | 2024-02-28 | 4.9 MEDIUM | 5.4 MEDIUM
An open redirect through HTML injection in confidential messages in Cryptshare before 5.1.0 allows remote attackers (with permission to provide confidential messages via Cryptshare) to redirect targeted victims to any URL via the '<meta http-equiv="refresh"' substring in the editor parameter.
CVE-2021-40852 | 1: Tcman | 1: Gim | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM
TCMAN GIM is affected by an open redirect vulnerability. This vulnerability allows the redirection of user navigation to pages controlled by the attacker. The exploitation of this vulnerability might allow a remote attacker to obtain information.
CVE-2021-1500 | 1: Cisco | 2: Collaboration Meeting Rooms, Webex Video Mesh | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM
A vulnerability in the web-based management interface of Cisco Webex Video Mesh could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability is due to improper input validation of the URL parameters in an HTTP request. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to redirect a user to a malicious website. Attackers may use this type of vulnerability, known as an open redirect attack, as part of a phishing attack to persuade users to unknowingly visit malicious sites.
CVE-2021-45328 | 1: Gitea | 1: Gitea | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM
Gitea before 1.4.3 is affected by URL Redirection to Untrusted Site ('Open Redirect') via internal URLs.
CVE-2022-22919 | 1: Adenza | 1: Axiomsl Controllerview | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM
Adenza AxiomSL ControllerView through 10.8.1 allows redirection for SSO login URLs.
CVE-2022-21651 | 1: Shopware | 1: Shopware | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM
Shopware is an open source e-commerce software platform. An open redirect vulnerability has been discovered. Users may be arbitrarily redirected due to incomplete URL handling in the Shopware router. This issue has been resolved in version 5.7.7. There is no workaround and users are advised to upgrade as soon as possible.
CVE-2021-43532 | 1: Mozilla | 1: Firefox | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM
The 'Copy Image Link' context menu action would copy the final image URL after redirects. By embedding an image that triggered authentication flows, in conjunction with a Content Security Policy that stopped a redirection chain in the middle, the final image URL could be one that contained an authentication token used to take over a user account. If a website tricked a user into copying and pasting the image link back to the page, the page would be able to steal the authentication tokens. This was fixed by making the action return the original URL, before any redirects. This vulnerability affects Firefox < 94.
CVE-2021-25074 | 1: Webp Converter For Media Project | 1: Webp Converter For Media | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM
The WebP Converter for Media WordPress plugin before 4.0.3 contains a file (passthru.php) which does not validate the src parameter before redirecting the user to it, leading to an Open Redirect issue.
CVE-2021-24838 | 1: Bologer | 1: Anycomment | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM
The AnyComment WordPress plugin before 0.3.5 has an API endpoint which passes user input via the redirect parameter to the wp_redirect() function without validating it first, leading to an Open Redirect issue, which, according to the vendor, is a feature.
CVE-2022-23184 | 1: Octopus | 2: Octopus Deploy, Octopus Server | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM
In affected Octopus Server versions when the server HTTP and HTTPS bindings are configured to localhost, Octopus Server will allow open redirects.
CVE-2021-3989 | 1: Showdoc | 1: Showdoc | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM
showdoc is vulnerable to URL Redirection to Untrusted Site.