Total
1018 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-8143 | 1 Revive-adserver | 1 Revive Adserver | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
An Open Redirect vulnerability was discovered in Revive Adserver version < 5.0.5 and reported by HackerOne user hoangn144. A remote attacker could trick logged-in users to open a specifically crafted link and have them redirected to any destination.The CSRF protection of the “/www/admin/*-modify.php” could be skipped if no meaningful parameter was sent. No action was performed, but the user was still redirected to the target page, specified via the “returnurl” GET parameter. | |||||
CVE-2020-7936 | 1 Plone | 1 Plone | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
An open redirect on the login form (and possibly other places) in Plone 4.0 through 5.2.1 allows an attacker to craft a link to a Plone Site that, when followed, and possibly after login, will redirect to an attacker's site. | |||||
CVE-2020-7520 | 1 Schneider-electric | 1 Software Update Utility | 2024-11-21 | 4.0 MEDIUM | 4.7 MEDIUM |
A CWE-601: URL Redirection to Untrusted Site ('Open Redirect') vulnerability exists in Schneider Electric Software Update (SESU), V2.4.0 and prior, which could cause execution of malicious code on the victim's machine. In order to exploit this vulnerability, an attacker requires privileged access on the engineering workstation to modify a Windows registry key which would divert all traffic updates to go through a server in the attacker's possession. A man-in-the-middle attack is then used to complete the exploit. | |||||
CVE-2020-6803 | 1 Mozilla | 1 Webthings Gateway | 2024-11-21 | 5.8 MEDIUM | 5.4 MEDIUM |
An open redirect is present on the gateway's login page, which could cause a user to be redirected to a malicious site after logging in. | |||||
CVE-2020-6365 | 1 Sap | 1 Netweaver Application Server Java | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
SAP NetWeaver AS Java, versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, Start Page allows an unauthenticated remote attacker to redirect users to a malicious site due to insufficient reverse tabnabbing URL validation. The attacker could execute phishing attacks to steal credentials of the victim or to redirect users to untrusted web pages containing malware or similar malicious exploits. | |||||
CVE-2020-6266 | 1 Sap | 1 Fiori | 2024-11-21 | 4.9 MEDIUM | 5.4 MEDIUM |
SAP Fiori for SAP S/4HANA, versions - 100, 200, 300, 400, allows an attacker to redirect users to a malicious site due to insufficient URL validation, leading to URL Redirection. | |||||
CVE-2020-6223 | 1 Sap | 1 Businessobjects Business Intelligence Platform | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
The open document of SAP Business Objects Business Intelligence Platform, versions 4.1, 4.2, allows an attacker to modify certain error pages to include malicious content. This can misdirect a user who is tricked into accessing these error pages rendered by the application, leading to Content Spoofing. | |||||
CVE-2020-6215 | 1 Sap | 1 Netweaver As Abap Business Server Pages | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
SAP NetWeaver AS ABAP Business Server Pages Test Application IT00, versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, allows an attacker to redirect users to a malicious site due to insufficient URL validation and steal credentials of the victim, leading to URL Redirection vulnerability. | |||||
CVE-2020-6211 | 1 Sap | 1 Businessobjects Business Intelligence Platform | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
SAP Business Objects Business Intelligence Platform (AdminTools), versions 4.1, 4.2, allows an attacker to redirect users to a malicious site due to insufficient URL validation and steal credentials of the victim, leading to URL Redirection vulnerability. | |||||
CVE-2020-5733 | 1 Openmrs | 1 Openmrs | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
In OpenMRS 2.9 and prior, the export functionality of the Data Exchange Module does not properly redirect to a login page when an unauthenticated user attempts to access it. This allows the export of potentially sensitive information. | |||||
CVE-2020-5732 | 1 Openmrs | 1 Openmrs | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
In OpenMRS 2.9 and prior, he import functionality of the Data Exchange Module does not properly redirect to a login page when an unauthenticated user attempts to access it. This allows unauthenticated users to use a feature typically restricted to administrators. | |||||
CVE-2020-5627 | 1 Yodobashi | 1 Yodobashi | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
Yodobashi App for Android versions 1.8.7 and earlier allows remote attackers to lead a user to access an arbitrary website via the vulnerable App. As a result, the user may become a victim of a phishing attack. | |||||
CVE-2020-5623 | 1 Nitori | 1 Nitori | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
NITORI App for Android versions 6.0.4 and earlier and NITORI App for iOS versions 6.0.2 and earlier allow remote attackers to lead a user to access an arbitrary website via the vulnerable App. As a result, the user may become a victim of a phishing attack. | |||||
CVE-2020-5607 | 1 Ss-proj | 1 Shirasagi | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
Open redirect vulnerability in SHIRASAGI v1.13.1 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | |||||
CVE-2020-5541 | 1 Cybersolutions | 1 Cybermail | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
Open redirect vulnerability in CyberMail Ver.6.x and Ver.7.x allows remote attackers to redirect users to arbitrary sites and conduct phishing attacks via a specially crafted URL. | |||||
CVE-2020-5409 | 1 Pivotal Software | 1 Concourse | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
Pivotal Concourse, most versions prior to 6.0.0, allows redirects to untrusted websites in its login flow. A remote unauthenticated attacker could convince a user to click on a link using the OAuth redirect link with an untrusted website and gain access to that user's access token in Concourse. (This issue is similar to, but distinct from, CVE-2018-15798.) | |||||
CVE-2020-5337 | 1 Rsa | 1 Archer | 2024-11-21 | 5.8 MEDIUM | 4.6 MEDIUM |
RSA Archer, versions prior to 6.7 P1 (6.7.0.1), contain a URL redirection vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to redirect application users to arbitrary web URLs by tricking the victim users to click on maliciously crafted links. The vulnerability could be used to conduct phishing attacks that cause users to unknowingly visit malicious sites. | |||||
CVE-2020-5329 | 1 Dell | 1 Emc Avamar Server | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
Dell EMC Avamar Server contains an open redirect vulnerability. A remote unauthenticated attacker may exploit this vulnerability to redirect application users to arbitrary web URLs by tricking the victim users to click on maliciously crafted links. | |||||
CVE-2020-5270 | 1 Prestashop | 1 Prestashop | 2024-11-21 | 5.8 MEDIUM | 4.1 MEDIUM |
In PrestaShop between versions 1.7.6.0 and 1.7.6.5, there is an open redirection when using back parameter. The impacts can be many, and vary from the theft of information and credentials to the redirection to malicious websites containing attacker-controlled content, which in some cases even cause XSS attacks. So even though an open redirection might sound harmless at first, the impacts of it can be severe should it be exploitable. The problem is fixed in 1.7.6.5 | |||||
CVE-2020-5233 | 1 Oauth2 Proxy Project | 1 Oauth2 Proxy | 2024-11-21 | 5.8 MEDIUM | 5.9 MEDIUM |
OAuth2 Proxy before 5.0 has an open redirect vulnerability. Authentication tokens could be silently harvested by an attacker. This has been patched in version 5.0. |