Total: 999 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description
---|---|---|---|---|---|---
CVE-2019-6035 | 1 Yahoo | 1 Athenz | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM | Open redirect vulnerability in Athenz v1.8.24 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a specially crafted page.
CVE-2015-9540 | 1 Chamilo | 1 Chamilo Lms | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM | Chamilo LMS through 1.9.10.2 allows a link_goto.php?link_url= open redirect, a related issue to CVE-2015-5503.
CVE-2019-4631 | 1 Ibm | 1 Security Secret Server | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM | IBM Security Secret Server 10.7 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 170001.
CVE-2013-2621 | 1 Telaen Project | 1 Telaen | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM | Open Redirection Vulnerability in the redir.php script in Telaen before 1.3.1 allows remote attackers to redirect victims to arbitrary websites via a crafted URL.
CVE-2019-1486 | 1 Microsoft | 2 Visual Studio 2019, Visual Studio Live Share | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM | A spoofing vulnerability exists in Visual Studio Live Share when a guest connected to a Live Share session is redirected to an arbitrary URL specified by the session host, aka 'Visual Studio Live Share Spoofing Vulnerability'.
CVE-2019-18451 | 1 Gitlab | 1 Gitlab | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM | An issue was discovered in GitLab Community and Enterprise Edition 10.7.4 through 12.4 in the InternalRedirect filtering feature. It has an Open Redirect.
CVE-2019-6021 | 1 Ricoh | 1 Limedio | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM | Open redirect vulnerability in Library Information Management System LIMEDIO all versions allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a specially crafted URL.
CVE-2018-1002102 | 2 Fedoraproject, Kubernetes | 2 Fedora, Kubernetes | 2024-02-28 | 2.1 LOW | 2.6 LOW | Improper validation of URL redirection in the Kubernetes API server in versions prior to v1.14.0 allows an attacker-controlled Kubelet to redirect API server requests from streaming endpoints to arbitrary hosts. Impacted API servers will follow the redirect as a GET request with client-certificate credentials for authenticating to the Kubelet.
CVE-2019-20225 | 1 Mybb | 1 Mybb | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM | MyBB before 1.8.22 allows an open redirect on login.
CVE-2016-1000110 | 3 Debian, Fedoraproject, Python | 3 Debian Linux, Fedora, Python | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM | The CGIHandler class in Python before 2.7.12 does not protect against the HTTP_PROXY variable name clash in a CGI script, which could allow a remote attacker to redirect HTTP requests.
CVE-2019-9915 | 1 Get-simple. | 1 Getsimplecms | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM | GetSimpleCMS 3.3.13 has an Open Redirect via the admin/index.php redirect parameter.
CVE-2019-3778 | 2 Oracle, Pivotal Software | 2 Banking Corporate Lending, Spring Security Oauth | 2024-02-28 | 6.4 MEDIUM | 6.5 MEDIUM | Spring Security OAuth, versions 2.3 prior to 2.3.5, and 2.2 prior to 2.2.4, and 2.1 prior to 2.1.4, and 2.0 prior to 2.0.17, and older unsupported versions could be susceptible to an open redirector attack that can leak an authorization code. A malicious user or attacker can craft a request to the authorization endpoint using the authorization code grant type, and specify a manipulated redirection URI via the "redirect_uri" parameter. This can cause the authorization server to redirect the resource owner user-agent to a URI under the control of the attacker with the leaked authorization code. This vulnerability exposes applications that meet all of the following requirements: Act in the role of an Authorization Server (e.g. @EnableAuthorizationServer) and uses the DefaultRedirectResolver in the AuthorizationEndpoint. This vulnerability does not expose applications that: Act in the role of an Authorization Server and uses a different RedirectResolver implementation other than DefaultRedirectResolver, act in the role of a Resource Server only (e.g. @EnableResourceServer), act in the role of a Client only (e.g. @EnableOAuthClient).
CVE-2019-3850 | 1 Moodle | 1 Moodle | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM | A vulnerability was found in moodle before versions 3.6.3, 3.5.5, 3.4.8 and 3.1.17. Links within assignment submission comments would open directly (in the same window). Although links themselves may be valid, opening within the same window and without the no-referrer header policy made them more susceptible to exploits.
CVE-2019-9837 | 1 Openid | 1 Openid Connect | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM | Doorkeeper::OpenidConnect (aka the OpenID Connect extension for Doorkeeper) 1.4.x and 1.5.x before 1.5.4 has an open redirect via the redirect_uri field in an OAuth authorization request (that results in an error response) with the 'openid' scope and a prompt=none value. This allows phishing attacks against the authorization flow.
CVE-2019-8995 | 1 Tibco | 2 Activematrix Bpm, Silver Fabric Enabler | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM | The workspace client, openspace client, and app development client of TIBCO Software Inc.'s TIBCO ActiveMatrix BPM, TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric, and TIBCO Silver Fabric Enabler for ActiveMatrix BPM contain a vulnerability wherein a malicious URL could trick a user into visiting a website of the attacker's choice. Affected releases are TIBCO Software Inc.'s TIBCO ActiveMatrix BPM: versions up to and including 4.2.0, TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric: versions up to and including 4.2.0, and TIBCO Silver Fabric Enabler for ActiveMatrix BPM: versions up to and including 1.4.1.
CVE-2019-10133 | 1 Moodle | 1 Moodle | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM | A flaw was found in Moodle before 3.7, 3.6.4, 3.5.6, 3.4.9 and 3.1.18. The form to upload cohorts contained a redirect field, which was not restricted to internal URLs.
CVE-2019-10117 | 1 Gitlab | 1 Gitlab | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM | An Open Redirect issue was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. A redirect is triggered after successful authentication within the Oauth/:GeoAuthController for the secondary Geo node.
CVE-2019-4201 | 1 Ibm | 1 Jazz For Service Management | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM | IBM Jazz for Service Management 1.1.3, 1.1.3.1, and 1.1.3.2 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 159122.
CVE-2019-15773 | 1 Travel Management Project | 1 Travel Management | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM | The nd-travel plugin before 1.7 for WordPress has a nopriv_ AJAX action that allows modification of the siteurl setting.
CVE-2019-5965 | 1 Joruri | 1 Joruri Mail | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM | Open redirect vulnerability in Joruri Mail 2.1.4 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
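Most rows above (Chamilo's link_url, GetSimpleCMS's redirect parameter, Telaen's redir.php, MyBB's login redirect, Moodle's cohort-upload redirect field "not restricted to internal URLs") share one root cause: a user-supplied redirect target copied into the Location header without checking where it points. The Python below is an added example, not code from any of the listed projects or from the original page. It shows the check a practitioner would put in front of such a parameter, including the "//host", "/\host", "///host" and "user@host" forms that a naive "does it start with /" or "does it contain our hostname" test lets through. ALLOWED_HOSTS and all host names are constructed for the example.

```python
from urllib.parse import urlsplit

# Hosts to which absolute redirect targets may point (constructed; an application
# would load its own origin, and any trusted partner hosts, from configuration).
ALLOWED_HOSTS = {"lms.example.org"}


def is_local_redirect(target: str) -> bool:
    """True only if `target` is a same-site, absolute-path URL such as "/course?id=3".

    Rejected: absolute URLs, scheme-relative "//host" forms, the backslash variants
    browsers normalise to them ("/\\host"), extra-slash forms such as "///host"
    (which browsers also resolve to another host), non-HTTP schemes such as
    "javascript:", and anything carrying control characters.
    """
    if not target or any(ord(ch) < 0x20 or ord(ch) == 0x7F for ch in target):
        return False
    # Browsers treat "\" like "/" in the authority part, so normalise before parsing.
    normalised = target.replace("\\", "/")
    parts = urlsplit(normalised)
    if parts.scheme or parts.netloc:
        return False
    return normalised.startswith("/") and not normalised.startswith("//")


def is_allowed_absolute(target: str, allowed_hosts=ALLOWED_HOSTS) -> bool:
    """True if `target` is an http(s) URL whose host is exactly in the allow list.

    Uses the parsed hostname (lower-cased, user-info stripped), so
    "https://lms.example.org@evil.test/" and "https://lms.example.org.evil.test/"
    both fail; substring or prefix checks on the raw string would pass them.
    """
    parts = urlsplit(target)
    if parts.scheme not in ("http", "https"):
        return False
    return (parts.hostname or "") in {h.lower() for h in allowed_hosts}


def safe_redirect(target: str, default: str = "/") -> str:
    """Return `target` if it passes either check, otherwise the safe default.

    Vulnerable pattern this replaces:  Location: <whatever ?redirect= said>
    """
    if target and (is_local_redirect(target) or is_allowed_absolute(target)):
        return target
    return default


if __name__ == "__main__":
    for t in ["/course/view.php?id=3", "//evil.test/x", "/\\evil.test", "///evil.test",
              "javascript:alert(1)", "https://lms.example.org/home",
              "https://lms.example.org@evil.test/", "https://lms.example.org.evil.test/"]:
        print(f"{t!r:45} -> {safe_redirect(t)!r}")
```

The two checks are deliberately separate: most applications only ever need `is_local_redirect`, and the absolute-URL allow list should be added only when a real requirement for off-site redirects exists, because every host on it becomes a place the application will willingly send its users.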
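The Spring Security OAuth (CVE-2019-3778) and Doorkeeper::OpenidConnect (CVE-2019-9837) rows describe the OAuth-specific form of the problem: the authorization server redirects the user-agent to a redirect_uri it did not strictly match against the client's registration, and the authorization code, or in the Doorkeeper case the error response for a prompt=none request, travels to the attacker's host. The Python below is an added example written for this page, not code from Spring, Doorkeeper or the original page; it contrasts a prefix-matching resolver (the weak pattern) with exact matching, and shows the error-response path being validated the same way as the success path. The client registry, client names and hosts are constructed.

```python
import secrets
from urllib.parse import urlsplit, urlencode

# Constructed client registry; a real authorization server loads this from storage.
REGISTERED_REDIRECTS = {
    "web-app": ["https://client.example"],
    "mobile-app": ["https://m.client.example/oauth/callback"],
}


def resolve_by_prefix(client_id: str, redirect_uri: str) -> bool:
    """Weak resolver: accept any redirect_uri that starts with a registered value.

    With "https://client.example" registered, "https://client.example.attacker.test/"
    is accepted, so whatever the server appends (a code, or an error) leaves the site.
    """
    return any(redirect_uri.startswith(r) for r in REGISTERED_REDIRECTS.get(client_id, []))


def resolve_exact(client_id: str, redirect_uri: str) -> bool:
    """Strict resolver: the request value must equal a registered URI character for
    character (the simple string comparison RFC 6749 section 3.1.2.3 calls for) and
    must be an https URI without a fragment."""
    parts = urlsplit(redirect_uri)
    if parts.scheme != "https" or "#" in redirect_uri:
        return False
    return redirect_uri in REGISTERED_REDIRECTS.get(client_id, [])


def authorize(client_id, redirect_uri, state, resolver, *, user_authenticated=True, prompt=None):
    """Authorization-code endpoint. Returns ("redirect", url) or ("error_page", message).

    The redirect_uri is validated before any response is built, so an error such as
    OIDC's login_required for prompt=none can only ever be sent to a registered URI.
    An invalid redirect_uri yields an error page and no redirect at all, which is what
    RFC 6749 section 4.1.2.1 requires.
    """
    if not resolver(client_id, redirect_uri):
        return ("error_page", "invalid redirect_uri for this client")
    if prompt == "none" and not user_authenticated:
        params = {"error": "login_required", "state": state}
    else:
        params = {"code": secrets.token_urlsafe(32), "state": state}
    joiner = "&" if "?" in redirect_uri else "?"
    return ("redirect", f"{redirect_uri}{joiner}{urlencode(params)}")


if __name__ == "__main__":
    evil = "https://client.example.attacker.test/"
    print("prefix resolver:", authorize("web-app", evil, "s1", resolve_by_prefix))
    print("exact resolver: ", authorize("web-app", evil, "s1", resolve_exact))
    print("prompt=none, no session:", authorize("mobile-app", REGISTERED_REDIRECTS["mobile-app"][0],
                                                "s2", resolve_exact, user_authenticated=False, prompt="none"))
```

Note that the error branch goes through the same resolver as the success branch; a server that validates redirect_uri only when it is about to issue a code, but short-circuits to a redirect on error, has exactly the shape described in the Doorkeeper row.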
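The Python row (CVE-2016-1000110) is a different kind of redirect: a CGI gateway maps every request header to an environment variable named HTTP_ plus the upper-cased header name, so a client-sent "Proxy:" header becomes HTTP_PROXY, and any library in the script that honours HTTP_PROXY then sends its outbound HTTP traffic through the attacker's proxy. The Python below is an added example, not the standard library's code or code from the original page; it models the header-to-environment mapping, re-implements the *_proxy environment lookup in a simplified form that follows the shape of the fix (ignore the upper-case HTTP_PROXY when REQUEST_METHOD is present, keep a lower-case http_proxy set by the operator), and shows the gateway-side mitigation of refusing the header outright. The header values and proxy addresses are constructed.

```python
def cgi_environment(method, headers, drop_proxy_header=False):
    """Model of how a CGI gateway builds the script environment (RFC 3875):
    REQUEST_METHOD plus one HTTP_<NAME> variable per request header.

    With drop_proxy_header=True the gateway refuses to forward a "Proxy:" header
    at all, which is the mitigation applied at the web-server layer.
    """
    env = {"REQUEST_METHOD": method}
    for name, value in headers:
        if drop_proxy_header and name.lower() == "proxy":
            continue
        env["HTTP_" + name.upper().replace("-", "_")] = value
    return env


def proxies_from_environment(env, cgi_safe=True):
    """Simplified re-implementation of a *_proxy environment lookup.

    Pass 1 collects every variable ending in _proxy regardless of case.
    With cgi_safe=True, the presence of REQUEST_METHOD means we are a CGI script,
    so the "http" entry (which can only have come from upper-case HTTP_PROXY, i.e.
    from a client header) is discarded. Pass 2 re-applies lower-case names only,
    so an operator-set http_proxy still wins. cgi_safe=False reproduces the
    pre-fix behaviour for comparison.
    """
    proxies = {}
    for name, value in env.items():
        lname = name.lower()
        if value and lname.endswith("_proxy"):
            proxies[lname[:-6]] = value
    if cgi_safe and "REQUEST_METHOD" in env:
        proxies.pop("http", None)
    for name, value in env.items():
        if name.endswith("_proxy"):  # lower-case suffix only
            if value:
                proxies[name[:-6]] = value
            else:
                proxies.pop(name[:-6], None)
    return proxies


if __name__ == "__main__":
    # Constructed request: an ordinary Host header plus an injected Proxy header.
    request_headers = [("Host", "app.example"), ("Proxy", "http://attacker.test:8080")]
    env = cgi_environment("GET", request_headers)
    print("pre-fix lookup :", proxies_from_environment(env, cgi_safe=False))
    print("fixed lookup   :", proxies_from_environment(env))
    print("header dropped :", cgi_environment("GET", request_headers, drop_proxy_header=True))
```

The HTTPS entry is unaffected because "Proxy" can only ever become HTTP_PROXY; an attacker has no header that maps to HTTPS_PROXY, which is why the fix can be as narrow as dropping the single "http" entry.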
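The Kubernetes row (CVE-2018-1002102) is the server-side mirror image of the browser cases: here the victim is an HTTP client inside the API server that follows a 3xx from a kubelet it has authenticated to, re-sending the request (as a GET, with its client certificate) to whatever host the Location header names. The Python below is an added example, not Kubernetes code or code from the original page. It shows the redirect policy a practitioner would give such a client: follow only to the same scheme, host and port as the original request, refuse anything else and hand the 3xx back to the caller rather than silently downgrading. The kubelet URLs, the credential dictionary and the fake transport are constructed.

```python
from urllib.parse import urlsplit, urljoin

REDIRECT_STATUSES = (301, 302, 303, 307, 308)


def origin(url):
    """(scheme, lower-cased host, effective port) for same-origin comparison."""
    p = urlsplit(url)
    port = p.port or (443 if p.scheme == "https" else 80)
    return (p.scheme, (p.hostname or "").lower(), port)


def plan_redirect(current_url, status, location, method="POST"):
    """Decide what to do with a redirect. Returns ("follow", target_url, method)
    or ("refuse", target_url, reason).

    Policy (added here): the target must be https and share the origin of the
    request that was redirected; otherwise the credentials used for the kubelet
    would be presented to an arbitrary host. 301/302/303 switch to GET, as most
    clients do; 307/308 keep the method.
    """
    target = urljoin(current_url, location)
    if urlsplit(target).scheme != "https":
        return ("refuse", target, "non-TLS redirect target")
    if origin(target) != origin(current_url):
        return ("refuse", target, "cross-origin redirect")
    new_method = "GET" if status in (301, 302, 303) else method
    return ("follow", target, new_method)


def fetch(url, transport, credentials, method="POST", max_hops=3):
    """Send `method` to `url` through transport(url, method, credentials) ->
    (status, headers, body), following only same-origin redirects.

    A refused redirect is returned unchanged, so the caller (not this client)
    decides whether to surface it; credentials never leave the original origin.
    """
    status, headers, body = transport(url, method, credentials)
    for _ in range(max_hops):
        if status not in REDIRECT_STATUSES or "Location" not in headers:
            break
        decision, target, extra = plan_redirect(url, status, headers["Location"], method)
        if decision == "refuse":
            break
        url, method = target, extra
        status, headers, body = transport(url, method, credentials)
    return status, headers, body


if __name__ == "__main__":
    sent = []  # record of every request the client actually made

    def malicious_kubelet(url, method, creds):  # constructed transport
        sent.append((url, method))
        if url.startswith("https://node1.internal:10250/"):
            return 302, {"Location": "https://attacker.test/exec"}, b""
        return 200, {}, b"should never be reached"

    cert = {"client_cert": "apiserver-kubelet-client.pem"}  # constructed
    print(fetch("https://node1.internal:10250/exec/ns/pod/c", malicious_kubelet, cert))
    print("requests made:", sent)
```

The check is on origin, not just hostname: a redirect to the same node on a different port is still a different listener and is refused as well.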