Total
1018 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-24598 | 1 Joomla | 1 Joomla\! | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Joomla! before 3.9.21. Lack of input validation in the vote feature of com_content leads to an open redirect. | |||||
| CVE-2020-24554 | 1 Liferay | 1 Liferay Portal | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The redirect module in Liferay Portal before 7.3.3 does not limit the number of URLs resulting in a 404 error that is recorded, which allows remote attackers to perform a denial of service attack by making repeated requests for pages that do not exist. | |||||
| CVE-2020-24551 | 1 Iproom | 1 Mmc\+ | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
| IProom MMC+ Server login page does not validate specific parameters properly. Attackers can use the vulnerability to redirect to any malicious site and steal the victim's login credentials. | |||||
| CVE-2020-24550 | 1 Episerver | 1 Find | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
| An Open Redirect vulnerability in EpiServer Find before 13.2.7 allows an attacker to redirect users to untrusted websites via the _t_redirect parameter in a crafted URL, such as a /find_v2/_click URL. | |||||
| CVE-2020-23182 | 1 Php-fusion | 1 Php-fusion | 2024-11-21 | 4.9 MEDIUM | 5.4 MEDIUM |
| The component /php-fusion/infusions/shoutbox_panel/shoutbox_archive.php in PHP-Fusion 9.03.60 allows attackers to redirect victim users to malicious websites via a crafted payload entered into the Shoutbox message panel. | |||||
| CVE-2020-23015 | 1 Opnsense | 1 Opnsense | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
| An open redirect issue was discovered in OPNsense through 20.1.5. The redirect parameter "url" in login page was not filtered and can redirect user to any website. | |||||
| CVE-2020-22840 | 1 B2evolution | 1 B2evolution | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
| Open redirect vulnerability in b2evolution CMS version prior to 6.11.6 allows an attacker to perform malicious open redirects to an attacker controlled resource via redirect_to parameter in email_passthrough.php. | |||||
| CVE-2020-21998 | 1 Homeautomation Project | 1 Homeautomation | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
| In HomeAutomation 3.3.2 input passed via the 'redirect' GET parameter in 'api.php' script is not properly verified before being used to redirect users. This can be exploited to redirect a user to an arbitrary website e.g. when a user clicks a specially crafted link to the affected script hosted on a trusted domain. | |||||
| CVE-2020-21038 | 1 Typecho | 1 Typecho | 2024-11-21 | N/A | 6.1 MEDIUM |
| Open redirect vulnerability in typecho 1.1-17.10.30-release via the referer parameter to Login.php. | |||||
| CVE-2020-1997 | 1 Paloaltonetworks | 1 Pan-os | 2024-11-21 | 5.8 MEDIUM | 5.3 MEDIUM |
| An open redirection vulnerability in the GlobalProtect component of Palo Alto Networks PAN-OS allows an attacker to specify an arbitrary redirection target away from the trusted GlobalProtect gateway. If the user then successfully authenticates it will cause them to access an unexpected and potentially malicious website. This issue affects: PAN-OS 7.1 versions earlier than 7.1.26; PAN-OS 8.0 versions earlier than 8.0.14. | |||||
| CVE-2020-1927 | 8 Apache, Broadcom, Canonical and 5 more | 14 Http Server, Brocade Fabric Operating System, Ubuntu Linux and 11 more | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
| In Apache HTTP Server 2.4.0 to 2.4.41, redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an an unexpected URL within the request URL. | |||||
| CVE-2020-1723 | 2 Keycloak Gatekeeper Project, Redhat | 2 Keycloak Gatekeeper, Mobile Application Platform | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
| A flaw was found in Keycloak Gatekeeper (Louketo). The logout endpoint can be abused to redirect logged-in users to arbitrary web pages. Affected versions of Keycloak Gatekeeper (Louketo): 6.0.1, 7.0.0 | |||||
| CVE-2020-1323 | 1 Microsoft | 2 Sharepoint Enterprise Server, Sharepoint Server | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
| An open redirect vulnerability exists in Microsoft SharePoint that could lead to spoofing.To exploit the vulnerability, an attacker could send a link that has a specially crafted URL and convince the user to click the link, aka 'SharePoint Open Redirect Vulnerability'. | |||||
| CVE-2020-1220 | 1 Microsoft | 9 Edge, Windows 10, Windows 7 and 6 more | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
| A spoofing vulnerability exists when theMicrosoft Edge (Chromium-based) in IE Mode improperly handles specific redirects, aka 'Microsoft Edge (Chromium-based) in IE Mode Spoofing Vulnerability'. | |||||
| CVE-2020-1059 | 1 Microsoft | 3 Edge, Windows 10, Windows Server 2019 | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| A spoofing vulnerability exists when Microsoft Edge does not properly parse HTTP content, aka 'Microsoft Edge Spoofing Vulnerability'. | |||||
| CVE-2020-18985 | 1 Synacor | 1 Zimbra Collaboration Suite | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
| An issue in /domain/service/.ewell-known/caldav of Zimbra Collaboration 8.8.12 allows attackers to redirect users to any arbitrary website of their choosing. | |||||
| CVE-2020-18660 | 1 Get-simple | 1 Getsimplecms | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
| GetSimpleCMS <=3.3.15 has an open redirect in admin/changedata.php via the redirect function to the url parameter. | |||||
| CVE-2020-18268 | 1 Zblogcn | 1 Z-blogphp | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
| Open Redirect in Z-BlogPHP v1.5.2 and earlier allows remote attackers to obtain sensitive information via the "redirect" parameter in the component "zb_system/cmd.php." | |||||
| CVE-2020-17484 | 1 Uffizio | 1 Gps Tracker | 2024-11-21 | N/A | 6.1 MEDIUM |
| An Open Redirection vulnerability exists in Uffizio's GPS Tracker all versions allows an attacker to construct a URL within the application that causes a redirection to an arbitrary external domain. | |||||
| CVE-2020-15677 | 3 Debian, Mozilla, Opensuse | 5 Debian Linux, Firefox, Firefox Esr and 2 more | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
| By exploiting an Open Redirect vulnerability on a website, an attacker could have spoofed the site displayed in the download file dialog to show the original site (the one suffering from the open redirect) rather than the site the file was actually downloaded from. This vulnerability affects Firefox < 81, Thunderbird < 78.3, and Firefox ESR < 78.3. | |||||