Total: 999 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-18414 | 1 Cpanel | 1 Cpanel | 2024-02-28 | 5.8 MEDIUM | 7.4 HIGH |
cPanel before 67.9999.103 allows an open redirect in /unprotected/redirect.html (SEC-300). | |||||
CVE-2019-5433 | 1 Revive-adserver | 1 Revive Adserver | 2024-02-28 | 5.8 MEDIUM | 5.4 MEDIUM |
A user having access to the UI of a Revive Adserver instance could be tricked into clicking on a specifically crafted admin account-switch.php URL that would eventually lead them to another (unsafe) domain, potentially used for stealing credentials or other phishing attacks. This vulnerability was addressed in version 4.2.0. | |||||
CVE-2017-18441 | 1 Cpanel | 1 Cpanel | 2024-02-28 | 4.0 MEDIUM | 5.0 MEDIUM |
cPanel before 64.0.21 allows demo accounts to redirect web traffic (SEC-245). | |||||
CVE-2019-11016 | 1 Elgg | 1 Elgg | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM |
Elgg before 1.12.18 and 2.3.x before 2.3.11 has an open redirect. | |||||
CVE-2019-10721 | 1 Dotnetblogengine | 1 Blogengine.net | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM |
BlogEngine.NET 3.3.7.0 allows a Client Side URL Redirect via the ReturnUrl parameter, related to BlogEngine/BlogEngine.Core/Services/Security/Security.cs, login.aspx, and register.aspx. | |||||
CVE-2019-5978 | 1 Cybozu | 1 Garoon | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM |
Open redirect vulnerability in Cybozu Garoon 4.0.0 to 4.10.2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the application 'Scheduler'. | |||||
CVE-2019-14223 | 1 Alfresco | 1 Alfresco | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM |
An issue was discovered in Alfresco Community Edition versions below 5.2.6, 6.0.N and 6.1.N. The Alfresco Share application is vulnerable to an Open Redirect attack via a crafted POST request. By manipulating the POST parameters, an attacker can redirect a victim to a malicious website over any protocol the attacker desires (e.g., http, https, ftp, smb, etc.). | |||||
CVE-2019-5969 | 1 Weseek | 1 Growi | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM |
Open redirect vulnerability in GROWI v3.4.6 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the process of login. | |||||
CVE-2019-4035 | 1 Ibm | 1 Content Navigator | 2024-02-28 | 4.9 MEDIUM | 5.4 MEDIUM |
IBM Content Navigator 3.0CD could allow attackers to direct web traffic to a malicious site. If attackers make a fake IBM Content Navigator site, they can send a link to ICN users to send request to their Edit client directly. Then Edit client will download documents from the fake ICN website. IBM X-Force ID: 156001. | |||||
CVE-2019-15820 | 1 Login Or Logout Menu Item Project | 1 Login Or Logout Menu Item | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM |
The login-or-logout-menu-item plugin before 1.2.0 for WordPress has no requirement for lolmi_save_settings authentication. | |||||
CVE-2019-5823 | 4 Debian, Fedoraproject, Google and 1 more | 5 Debian Linux, Fedora, Chrome and 2 more | 2024-02-28 | 5.8 MEDIUM | 5.4 MEDIUM |
Insufficient policy enforcement in service workers in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. | |||||
CVE-2019-15776 | 1 Webcraftic | 1 Simple 301 Redirects-addon-bulk Uploader | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM |
The simple-301-redirects-addon-bulk-uploader plugin before 1.2.5 for WordPress has no protection against 301 redirect rule injection via a CSV file. | |||||
CVE-2018-17422 | 1 Dotcms | 1 Dotcms | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM |
dotCMS before 5.0.2 has open redirects via the html/common/forward_js.jsp FORWARD_URL parameter or the html/portlet/ext/common/page_preview_popup.jsp hostname parameter. | |||||
CVE-2019-13422 | 1 Search-guard | 1 Search Guard | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM |
Search Guard Kibana Plugin versions before 5.6.8-7 and before 6.x.y-12 had an issue that an attacker can redirect the user to a potentially malicious site upon Kibana login. | |||||
CVE-2019-4092 | 1 Ibm | 1 Content Navigator | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM |
IBM Content Navigator 2.0.3 and 3.0CD could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 157654. | |||||
CVE-2017-5871 | 1 Odoo | 1 Odoo | 2024-02-28 | 5.8 MEDIUM | 5.4 MEDIUM |
Odoo Version <= 8.0-20160726 and Version 9 is affected by: CWE-601: Open redirection. The impact is: obtain sensitive information (remote). | |||||
CVE-2019-13038 | 4 Canonical, Fedoraproject, Mod Auth Mellon Project and 1 more | 4 Ubuntu Linux, Fedora, Mod Auth Mellon and 1 more | 2024-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
mod_auth_mellon through 0.14.2 has an Open Redirect via the login?ReturnTo= substring, as demonstrated by omitting the // after http: in the target URL. | |||||
CVE-2018-15180 | 1 Qasymphony | 1 Qtest Manager | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM |
qTest Portal in QASymphony qTest Manager 9.0.0 has an Open Redirect via the /portal/loginform redirect parameter. | |||||
CVE-2019-5946 | 1 Cybozu | 1 Garoon | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM |
Open redirect vulnerability in Cybozu Garoon 4.2.4 to 4.10.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the Login Screen. | |||||
CVE-2016-6154 | 2 Microsoft, Watchguard | 2 Windows, Fireware | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM |
The authentication applet in Watchguard Fireware 11.11 Operating System has reflected XSS (this can also cause an open redirect). |