Total
999 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-1000481 | 1 Plone | 1 Plone | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM |
When you visit a page where you need to login, Plone 2.5-5.1rc1 sends you to the login form with a 'came_from' parameter set to the previous url. After you login, you get redirected to the page you tried to view before. An attacker might try to abuse this by letting you click on a specially crafted link. You would login, and get redirected to the site of the attacker, letting you think that you are still on the original Plone site. Or some javascript of the attacker could be executed. Most of these types of attacks are already blocked by Plone, using the `isURLInPortal` check to make sure we only redirect to a page on the same Plone site. But a few more ways of tricking Plone into accepting a malicious link were discovered, and fixed with this hotfix. | |||||
CVE-2017-3085 | 6 Adobe, Apple, Google and 3 more | 11 Flash Player, Flash Player Desktop Runtime, Mac Os X and 8 more | 2024-02-28 | 4.3 MEDIUM | 7.4 HIGH |
Adobe Flash Player versions 26.0.0.137 and earlier have a security bypass vulnerability that leads to information disclosure when performing URL redirect. | |||||
CVE-2017-1000163 | 1 Phoenixframework | 1 Phoenix | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM |
The Phoenix Framework versions 1.0.0 through 1.0.4, 1.1.0 through 1.1.6, 1.2.0, 1.2.2 and 1.3.0-rc.0 are vulnerable to unvalidated URL redirection, which may result in phishing or social engineering attacks. | |||||
CVE-2016-8949 | 1 Ibm | 2 Emptoris Strategic Supply Management, Emptoris Supplier Lifecycle Management | 2024-02-28 | 4.9 MEDIUM | 5.4 MEDIUM |
IBM Emptoris Supplier Lifecycle Management 10.0.x and 10.1.x could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 118836. | |||||
CVE-2017-1668 | 1 Ibm | 1 Security Key Lifecycle Manager | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM |
IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 133562. | |||||
CVE-2017-3105 | 2 Adobe, Microsoft | 2 Robohelp, Windows | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM |
Adobe RoboHelp has an Open Redirect vulnerability. This affects versions before RH12.0.4.460 and RH2017 before RH2017.0.2. | |||||
CVE-2017-14725 | 1 Wordpress | 1 Wordpress | 2024-02-28 | 4.9 MEDIUM | 5.4 MEDIUM |
Before version 4.8.2, WordPress was susceptible to an open redirect attack in wp-admin/edit-tag-form.php and wp-admin/user-edit.php. | |||||
CVE-2017-1287 | 1 Ibm | 1 Rhapsody Design Manager | 2024-02-28 | 4.9 MEDIUM | 5.4 MEDIUM |
IBM Rhapsody DM 5.0 and 6.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. | |||||
CVE-2017-6018 | 1 Bbraun | 2 Spacestation, Station Firmware | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM |
An open redirect issue was discovered in B. Braun Medical SpaceCom module, which is integrated into the SpaceStation docking station: SpaceStation with SpaceCom module (integrated as part number 8713142U), software versions prior to Version 012U000040, and SpaceStation (part number 8713140U) with installed SpaceCom module (part number 8713160U), software versions prior to Version 012U000040. The web server of the affected product accepts untrusted input which could allow attackers to redirect the request to an unintended URL contained within untrusted input. | |||||
CVE-2017-11586 | 1 Finecms | 1 Finecms | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM |
dayrui FineCms 5.0.9 has URL Redirector Abuse via the url parameter in a sync action, related to controllers/Weixin.php. | |||||
CVE-2017-1450 | 1 Ibm | 1 Emptoris Sourcing | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM |
IBM Emptoris Sourcing 9.5 - 10.1.3 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 128177. | |||||
CVE-2017-1195 | 1 Ibm | 1 Curam Social Program Management | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM |
IBM Curam Social Program Management 6.0, 6.1, 6.2, and 7.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 123670. | |||||
CVE-2017-16569 | 1 Zurmo | 1 Zurmo Crm | 2024-02-28 | 4.9 MEDIUM | 4.8 MEDIUM |
An Open URL Redirect issue exists in Zurmo 3.2.1.57987acc3018 via an http: URL in the redirectUrl parameter to app/index.php/meetings/default/createMeeting. | |||||
CVE-2015-5054 | 1 Ellucian | 1 Banner Student | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM |
Open redirect vulnerability in Ellucian (formerly SunGard) Banner Student 8.5.1.2 through 8.7 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in an unspecified parameter. | |||||
CVE-2017-1000027 | 1 Koozali | 1 Sme Server | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM |
Koozali Foundation SME Server versions 8.x, 9.x, 10.x are vulnerable to an open URL redirect vulnerability in the user web login function resulting in unauthorized account access. | |||||
CVE-2017-9296 | 1 Hitachi | 1 Device Manager | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM |
Open Redirect vulnerability in Hitachi Device Manager before 8.5.2-01 and Hitachi Tuning Manager before 8.5.2-00 allows remote attackers to redirect authenticated users to arbitrary web sites. | |||||
CVE-2017-11718 | 1 Metinfo Project | 1 Metinfo | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM |
There is URL Redirector Abuse in MetInfo through 5.3.17 via the gourl parameter to member/login.php. | |||||
CVE-2015-6961 | 1 Web2py | 1 Web2py | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM |
Open redirect vulnerability in gluon/tools.py in Web2py 2.9.11 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the _next parameter to user/logout. | |||||
CVE-2017-14525 | 1 Opentext | 2 Documentum Administrator, Documentum Webtop | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM |
Multiple open redirect vulnerabilities in OpenText Documentum Webtop 6.8.0160.0073 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a (1) URL in the startat parameter to xda/help/en/default.htm or (2) /%09/ (slash encoded horizontal tab slash) followed by a domain in the redirectUrl parameter to xda/component/virtuallinkconnect. | |||||
CVE-2017-7233 | 1 Djangoproject | 1 Django | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM |
Django 1.10 before 1.10.7, 1.9 before 1.9.13, and 1.8 before 1.8.18 relies on user input in some cases to redirect the user to an "on success" URL. The security check for these redirects (namely ``django.utils.http.is_safe_url()``) considered some numeric URLs "safe" when they shouldn't be, aka an open redirect vulnerability. Also, if a developer relies on ``is_safe_url()`` to provide safe redirect targets and puts such a URL into a link, they could suffer from an XSS attack. |