Total
999 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-14912 | 1 Prise | 1 Adas | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM |
An issue was discovered in PRiSE adAS 1.7.0. The OPENSSO module does not properly check the goto parameter, leading to an open redirect that leaks the session cookie. | |||||
CVE-2018-20929 | 1 Cpanel | 1 Cpanel | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM |
cPanel before 70.0.23 allows an open redirect via the /unprotected/redirect.html endpoint (SEC-392). | |||||
CVE-2019-11269 | 2 Oracle, Pivotal Software | 2 Banking Corporate Lending, Spring Security Oauth | 2024-02-28 | 5.8 MEDIUM | 5.4 MEDIUM |
Spring Security OAuth versions 2.3 prior to 2.3.6, 2.2 prior to 2.2.5, 2.1 prior to 2.1.5, and 2.0 prior to 2.0.18, as well as older unsupported versions could be susceptible to an open redirector attack that can leak an authorization code. A malicious user or attacker can craft a request to the authorization endpoint using the authorization code grant type, and specify a manipulated redirection URI via the redirect_uri parameter. This can cause the authorization server to redirect the resource owner user-agent to a URI under the control of the attacker with the leaked authorization code. | |||||
CVE-2019-15775 | 1 Learning Courses Project | 1 Learning Courses | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM |
The nd-learning plugin before 4.8 for WordPress has a nopriv_ AJAX action that allows modification of the siteurl setting. | |||||
CVE-2018-13384 | 1 Fortinet | 1 Fortios | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM |
A Host Header Redirection vulnerability in Fortinet FortiOS all versions below 6.0.5 under SSL VPN web portal allows a remote attacker to potentially poison HTTP cache and subsequently redirect SSL VPN web portal users to arbitrary web domains. | |||||
CVE-2018-20698 | 1 Search-guard | 1 Search Guard | 2024-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
The floragunn Search Guard plugin before 6.x-16 for Kibana allows URL injection for login redirects on the login page when basePath is set. | |||||
CVE-2019-1075 | 1 Microsoft | 1 Asp.net Core | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM |
A spoofing vulnerability exists in ASP.NET Core that could lead to an open redirect, aka 'ASP.NET Core Spoofing Vulnerability'. | |||||
CVE-2018-8913 | 1 Synology | 1 Web Station | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM |
Missing custom error page vulnerability in Synology Web Station before 2.1.3-0139 allows remote attackers to conduct phishing attacks via a crafted URL. | |||||
CVE-2019-0540 | 1 Microsoft | 5 Excel Viewer, Office, Office 365 Proplus and 2 more | 2024-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
A security feature bypass vulnerability exists when Microsoft Office does not validate URLs.An attacker could send a victim a specially crafted file, which could trick the victim into entering credentials, aka 'Microsoft Office Security Feature Bypass Vulnerability'. | |||||
CVE-2019-7416 | 1 Opentext | 1 Documentum Webtop | 2024-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
XSS and/or a Client Side URL Redirect exists in OpenText Documentum Webtop 5.3 SP2. The parameter startat in "/webtop/help/en/default.htm" is vulnerable. | |||||
CVE-2019-15774 | 1 Booking Project | 1 Booking | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM |
The nd-booking plugin before 2.5 for WordPress has a nopriv_ AJAX action that allows modification of the siteurl setting. | |||||
CVE-2019-10955 | 1 Rockwellautomation | 11 Compactlogix 5370 L1, Compactlogix 5370 L1 Firmware, Compactlogix 5370 L2 and 8 more | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM |
In Rockwell Automation MicroLogix 1400 Controllers Series A, All Versions Series B, v15.002 and earlier, MicroLogix 1100 Controllers v14.00 and earlier, CompactLogix 5370 L1 controllers v30.014 and earlier, CompactLogix 5370 L2 controllers v30.014 and earlier, CompactLogix 5370 L3 controllers (includes CompactLogix GuardLogix controllers) v30.014 and earlier, an open redirect vulnerability could allow a remote unauthenticated attacker to input a malicious link to redirect users to a malicious site that could run or download arbitrary malware on the user’s machine. | |||||
CVE-2019-15816 | 1 Wpexpertdeveloper | 1 Wp Private Content Plus | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
The wp-private-content-plus plugin before 2.0 for WordPress has no protection against option changes via save_settings_page and other save_ functions. | |||||
CVE-2019-10856 | 1 Jupyter | 1 Notebook | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM |
In Jupyter Notebook before 5.7.8, an open redirect can occur via an empty netloc. This issue exists because of an incomplete fix for CVE-2019-10255. | |||||
CVE-2017-14394 | 1 Forgerock | 2 Access Management, Openam | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM |
OAuth 2.0 Authorization Server of ForgeRock Access Management (OpenAM) 13.5.0-13.5.1 and Access Management (AM) 5.0.0-5.1.1 does not correctly validate redirect_uri for some invalid requests, which allows attackers to perform phishing via an unvalidated redirect. | |||||
CVE-2018-20867 | 1 Cpanel | 1 Cpanel | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM |
cPanel before 76.0.8 has an open redirect when resetting connections (SEC-462). | |||||
CVE-2016-10769 | 1 Cpanel | 1 Cpanel | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM |
cPanel before 60.0.25 allows an open redirect via /cgi-sys/FormMail-clone.cgi (SEC-162). | |||||
CVE-2019-1020016 | 1 Ash-aio Project | 1 Ash-aio | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM |
ASH-AIO before 2.0.0.3 allows an open redirect. | |||||
CVE-2019-6009 | 1 Ss-proj | 1 Shirasagi | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM |
Open redirect vulnerability in SHIRASAGI v1.7.0 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | |||||
CVE-2019-3877 | 4 Canonical, Fedoraproject, Mod Auth Mellon Project and 1 more | 4 Ubuntu Linux, Fedora, Mod Auth Mellon and 1 more | 2024-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
A vulnerability was found in mod_auth_mellon before v0.14.2. An open redirect in the logout URL allows requests with backslashes to pass through by assuming that it is a relative URL, while the browsers silently convert backslash characters into forward slashes treating them as an absolute URL. This mismatch allows an attacker to bypass the redirect URL validation logic in apr_uri_parse function. |