Total
999 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-6780 | 1 Kaine | 1 Wise Chat | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM |
| The Wise Chat plugin before 2.7 for WordPress mishandles external links because rendering/filters/post/WiseChatLinksPostFilter.php omits noopener and noreferrer. | |||||
| CVE-2018-16174 | 1 Thimpress | 1 Learnpress | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM |
| Open redirect vulnerability in LearnPress prior to version 3.1.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | |||||
| CVE-2018-15178 | 1 Gogs | 1 Gogs | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM |
| Open redirect vulnerability in Gogs before 0.12 allows remote attackers to redirect users to arbitrary websites and conduct phishing attacks via an initial /\ substring in the user/login redirect_to parameter, related to the function isValidRedirect in routes/user/auth.go. | |||||
| CVE-2018-16761 | 1 Eventum Project | 1 Eventum | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM |
| Eventum before 3.4.0 has an open redirect vulnerability. | |||||
| CVE-2017-15419 | 3 Debian, Google, Redhat | 5 Debian Linux, Chrome, Enterprise Linux Desktop and 2 more | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
| Insufficient policy enforcement in Resource Timing API in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to infer browsing history by triggering a leaked cross-origin URL via a crafted HTML page. | |||||
| CVE-2018-11067 | 2 Dell, Vmware | 3 Emc Avamar, Emc Integrated Data Protection Appliance, Vsphere Data Protection | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM |
| Dell EMC Avamar Client Manager in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1, 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 contain an open redirection vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to redirect application users to arbitrary web URLs by tricking the victim users to click on maliciously crafted links. The vulnerability could be used to conduct phishing attacks that cause users to unknowingly visit malicious sites. | |||||
| CVE-2018-14658 | 1 Redhat | 1 Keycloak | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM |
| A flaw was found in JBOSS Keycloak 3.2.1.Final. The Redirect URL for both Login and Logout are not normalized in org.keycloak.protocol.oidc.utils.RedirectUtils before the redirect url is verified. This can lead to an Open Redirection attack | |||||
| CVE-2018-11784 | 6 Apache, Canonical, Debian and 3 more | 15 Tomcat, Ubuntu Linux, Debian Linux and 12 more | 2024-02-28 | 4.3 MEDIUM | 4.3 MEDIUM |
| When the default servlet in Apache Tomcat versions 9.0.0.M1 to 9.0.11, 8.5.0 to 8.5.33 and 7.0.23 to 7.0.90 returned a redirect to a directory (e.g. redirecting to '/foo/' when the user requested '/foo') a specially crafted URL could be used to cause the redirect to be generated to any URI of the attackers choice. | |||||
| CVE-2018-13401 | 1 Atlassian | 2 Jira, Jira Server | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM |
| The XsrfErrorAction resource in Atlassian Jira before version 7.6.9, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3, from version 7.10.0 before version 7.10.3, from version 7.11.0 before version 7.11.3, from version 7.12.0 before version 7.12.3, and before version 7.13.1 allows remote attackers to obtain a user's Cross-site request forgery (CSRF) token through an open redirect vulnerability. | |||||
| CVE-2018-15493 | 1 Vbulletin | 1 Vbulletin | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM |
| vBulletin 5.4.3 has an Open Redirect. | |||||
| CVE-2018-1736 | 1 Ibm | 1 Websphere Portal | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM |
| IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 147906. | |||||
| CVE-2018-1251 | 1 Dell | 3 Emc Unity, Emc Unity Firmware, Emc Unityvsa | 2024-02-28 | 5.8 MEDIUM | 8.1 HIGH |
| Dell EMC Unity and UnityVSA versions prior to 4.3.1.1525703027 contains a URL Redirection vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to redirect Unity users to arbitrary web URLs by tricking the victim user to click on a maliciously crafted Unisphere URL. Attacker could potentially phish information, including Unisphere users' credentials, from the victim once they are redirected. | |||||
| CVE-2018-7804 | 1 Schneider-electric | 8 Modicom Bmxnor0200h, Modicom Bmxnor0200h Firmware, Modicom M340 and 5 more | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM |
| A URL Redirection to Untrusted Site vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 where a user clicking on a specially crafted link can be redirected to a URL of the attacker's choosing. | |||||
| CVE-2018-14381 | 1 Pagekit | 1 Pagekit | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM |
| Pagekit before 1.0.14 has a /user/login?redirect= open redirect vulnerability. | |||||
| CVE-2018-13402 | 1 Atlassian | 2 Jira, Jira Server | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM |
| Many resources in Atlassian Jira before version 7.6.9, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3, from version 7.10.0 before version 7.10.3, from version 7.11.0 before version 7.11.3, from version 7.12.0 before version 7.12.3, and before version 7.13.1 allow remote attackers to attack users, in some cases be able to obtain a user's Cross-site request forgery (CSRF) token, via a open redirect vulnerability. | |||||
| CVE-2019-5915 | 1 Osstech | 1 Openam | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM |
| Open redirect vulnerability in OpenAM (Open Source Edition) 13.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a specially crafted page. | |||||
| CVE-2018-3774 | 1 Url-parse Project | 1 Url-parse | 2024-02-28 | 7.5 HIGH | 10.0 CRITICAL |
| Incorrect parsing in url-parse <1.4.3 returns wrong hostname which leads to multiple vulnerabilities such as SSRF, Open Redirect, Bypass Authentication Protocol. | |||||
| CVE-2018-15403 | 1 Cisco | 4 Emergency Responder, Unified Communications Manager, Unified Communications Manager Im And Presence Service and 1 more | 2024-02-28 | 4.9 MEDIUM | 5.4 MEDIUM |
| A vulnerability in the web interface of Cisco Emergency Responder, Cisco Unified Communications Manager, Cisco Unified Communications Manager IM & Presence Service, and Cisco Unity Connection could allow an authenticated, remote attacker to redirect a user to a malicious web page. The vulnerability is due to improper input validation of the parameters of an HTTP request. An attacker could exploit this vulnerability by crafting an HTTP request that causes the web interface to redirect a request to a specific malicious URL. This type of vulnerability is known as an open redirect attack and is used in phishing attacks that get users to unknowingly visit malicious sites. | |||||
| CVE-2018-7692 | 1 Microfocus | 1 Edirectory | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM |
| Unvalidated redirect vulnerability in in NetIQ eDirectory before 9.1.1 HF1. | |||||
| CVE-2018-17948 | 1 Microfocus | 1 Access Manager | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM |
| An open redirect vulnerability exists in the Access Manager Identity Provider prior to 4.4 SP3. | |||||