Total
1018 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-17870 | 1 Btiteam | 1 Xbtit | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in BTITeam XBTIT 2.5.4. The "returnto" parameter of account_change.php is vulnerable to an open redirect, a different vulnerability than CVE-2018-15683. | |||||
| CVE-2018-17422 | 1 Dotcms | 1 Dotcms | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
| dotCMS before 5.0.2 has open redirects via the html/common/forward_js.jsp FORWARD_URL parameter or the html/portlet/ext/common/page_preview_popup.jsp hostname parameter. | |||||
| CVE-2018-17074 | 1 Feed Statistics Project | 1 Feed Statistics | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
| The Feed Statistics plugin before 4.0 for WordPress has an Open Redirect via the feed-stats-url parameter. | |||||
| CVE-2018-16954 | 1 Oracle | 1 Webcenter Interaction | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Oracle WebCenter Interaction Portal 10.3.3. The login function of the portal is vulnerable to insecure redirection (also called an open redirect). The in_hi_redirect parameter is not validated by the application after a successful login. NOTE: this CVE is assigned by MITRE and isn't validated by Oracle because Oracle WebCenter Interaction Portal is out of support. | |||||
| CVE-2018-16761 | 1 Eventum Project | 1 Eventum | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
| Eventum before 3.4.0 has an open redirect vulnerability. | |||||
| CVE-2018-16191 | 1 Ec-cube | 1 Ec-cube | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
| Open redirect vulnerability in EC-CUBE (EC-CUBE 3.0.0, EC-CUBE 3.0.1, EC-CUBE 3.0.2, EC-CUBE 3.0.3, EC-CUBE 3.0.4, EC-CUBE 3.0.5, EC-CUBE 3.0.6, EC-CUBE 3.0.7, EC-CUBE 3.0.8, EC-CUBE 3.0.9, EC-CUBE 3.0.10, EC-CUBE 3.0.11, EC-CUBE 3.0.12, EC-CUBE 3.0.12-p1, EC-CUBE 3.0.13, EC-CUBE 3.0.14, EC-CUBE 3.0.15, EC-CUBE 3.0.16) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | |||||
| CVE-2018-16174 | 1 Thimpress | 1 Learnpress | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
| Open redirect vulnerability in LearnPress prior to version 3.1.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | |||||
| CVE-2018-15798 | 1 Pivotal Software | 1 Concourse | 2024-11-21 | 5.8 MEDIUM | 7.6 HIGH |
| Pivotal Concourse Release, versions 4.x prior to 4.2.2, login flow allows redirects to untrusted websites. A remote unauthenticated attacker could convince a user to click on a link using the oAuth redirect link with an untrusted website and gain access to that user's access token in Concourse. | |||||
| CVE-2018-15683 | 1 Btiteam | 1 Xbtit | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in BTITeam XBTIT. The "returnto" parameter of the login page is vulnerable to an open redirect due to a lack of validation. If a user is already logged in when accessing the page, they will be instantly redirected. | |||||
| CVE-2018-15493 | 1 Vbulletin | 1 Vbulletin | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
| vBulletin 5.4.3 has an Open Redirect. | |||||
| CVE-2018-15403 | 1 Cisco | 4 Emergency Responder, Unified Communications Manager, Unified Communications Manager Im And Presence Service and 1 more | 2024-11-21 | 4.9 MEDIUM | 5.4 MEDIUM |
| A vulnerability in the web interface of Cisco Emergency Responder, Cisco Unified Communications Manager, Cisco Unified Communications Manager IM & Presence Service, and Cisco Unity Connection could allow an authenticated, remote attacker to redirect a user to a malicious web page. The vulnerability is due to improper input validation of the parameters of an HTTP request. An attacker could exploit this vulnerability by crafting an HTTP request that causes the web interface to redirect a request to a specific malicious URL. This type of vulnerability is known as an open redirect attack and is used in phishing attacks that get users to unknowingly visit malicious sites. | |||||
| CVE-2018-15180 | 1 Qasymphony | 1 Qtest Manager | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
| qTest Portal in QASymphony qTest Manager 9.0.0 has an Open Redirect via the /portal/loginform redirect parameter. | |||||
| CVE-2018-15178 | 1 Gogs | 1 Gogs | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
| Open redirect vulnerability in Gogs before 0.12 allows remote attackers to redirect users to arbitrary websites and conduct phishing attacks via an initial /\ substring in the user/login redirect_to parameter, related to the function isValidRedirect in routes/user/auth.go. | |||||
| CVE-2018-14931 | 1 Polarisft | 1 Intellect Core Banking | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in the Core and Portal modules in Polaris FT Intellect Core Banking 9.7.1. An open redirect exists via a /IntellectMain.jsp?IntellectSystem= URI. | |||||
| CVE-2018-14658 | 1 Redhat | 1 Keycloak | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
| A flaw was found in JBOSS Keycloak 3.2.1.Final. The Redirect URL for both Login and Logout are not normalized in org.keycloak.protocol.oidc.utils.RedirectUtils before the redirect url is verified. This can lead to an Open Redirection attack | |||||
| CVE-2018-14574 | 3 Canonical, Debian, Djangoproject | 3 Ubuntu Linux, Debian Linux, Django | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
| django.middleware.common.CommonMiddleware in Django 1.11.x before 1.11.15 and 2.0.x before 2.0.8 has an Open Redirect. | |||||
| CVE-2018-14474 | 1 Goodoldweb | 1 Orange Forum | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
| views/auth.go in Orange Forum 1.4.0 allows Open Redirection via the next parameter to /login or /signup. | |||||
| CVE-2018-14398 | 1 Cremecrm | 1 Cremecrm | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Creme CRM 1.6.12. The value of the cancel button uses the content of the HTTP Referer header, and could be used to trick a user into visiting a fake login page in order to steal credentials. | |||||
| CVE-2018-14381 | 1 Pagekit | 1 Pagekit | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
| Pagekit before 1.0.14 has a /user/login?redirect= open redirect vulnerability. | |||||
| CVE-2018-14366 | 2 Ivanti, Pulsesecure | 3 Connect Secure, Pulse Connect Secure, Pulse Policy Secure | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
| download.cgi in Pulse Secure Pulse Connect Secure 8.1RX before 8.1R13 and 8.3RX before 8.3R4 and Pulse Policy Secure through 5.2RX before 5.2R10 and 5.4RX before 5.4R4 have an Open Redirect Vulnerability. | |||||