Total
1017 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-14474 | 1 Goodoldweb | 1 Orange Forum | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM |
| views/auth.go in Orange Forum 1.4.0 allows Open Redirection via the next parameter to /login or /signup. | |||||
| CVE-2018-19796 | 1 Ninjaforms | 1 Ninja Forms | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM |
| An open redirect in the Ninja Forms plugin before 3.3.19.1 for WordPress allows Remote Attackers to redirect a user via the lib/StepProcessing/step-processing.php (aka submissions download page) redirect parameter. | |||||
| CVE-2017-8989 | 3 Hp, Microsoft, Redhat | 4 Hp-ux, Icewall Sso, Windows and 1 more | 2024-02-28 | 6.4 MEDIUM | 9.1 CRITICAL |
| A security vulnerability in HPE IceWall SSO Dfw 10.0 and 11.0 on RHEL, HP-UX, and Windows could be exploited remotely to allow URL Redirection. | |||||
| CVE-2018-16191 | 1 Ec-cube | 1 Ec-cube | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM |
| Open redirect vulnerability in EC-CUBE (EC-CUBE 3.0.0, EC-CUBE 3.0.1, EC-CUBE 3.0.2, EC-CUBE 3.0.3, EC-CUBE 3.0.4, EC-CUBE 3.0.5, EC-CUBE 3.0.6, EC-CUBE 3.0.7, EC-CUBE 3.0.8, EC-CUBE 3.0.9, EC-CUBE 3.0.10, EC-CUBE 3.0.11, EC-CUBE 3.0.12, EC-CUBE 3.0.12-p1, EC-CUBE 3.0.13, EC-CUBE 3.0.14, EC-CUBE 3.0.15, EC-CUBE 3.0.16) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | |||||
| CVE-2013-0594 | 1 Ibm | 1 Inotes | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM |
| Open redirect vulnerability in IBM iNotes before 8.5.3 Fix Pack 6 and 9.x before 9.0.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. IBM X-Force ID: 83383. | |||||
| CVE-2018-17074 | 1 Feed Statistics Project | 1 Feed Statistics | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM |
| The Feed Statistics plugin before 4.0 for WordPress has an Open Redirect via the feed-stats-url parameter. | |||||
| CVE-2018-16954 | 1 Oracle | 1 Webcenter Interaction | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Oracle WebCenter Interaction Portal 10.3.3. The login function of the portal is vulnerable to insecure redirection (also called an open redirect). The in_hi_redirect parameter is not validated by the application after a successful login. NOTE: this CVE is assigned by MITRE and isn't validated by Oracle because Oracle WebCenter Interaction Portal is out of support. | |||||
| CVE-2018-1000671 | 2 Debian, Sympa | 2 Debian Linux, Sympa | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM |
| sympa version 6.2.16 and later contains a CWE-601: URL Redirection to Untrusted Site ('Open Redirect') vulnerability in The "referer" parameter of the wwsympa.fcgi login action. that can result in Open redirection and reflected XSS via data URIs. This attack appear to be exploitable via Victim's browser must follow a URL supplied by the attacker. This vulnerability appears to have been fixed in none available. | |||||
| CVE-2018-17870 | 1 Btiteam | 1 Xbtit | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in BTITeam XBTIT 2.5.4. The "returnto" parameter of account_change.php is vulnerable to an open redirect, a different vulnerability than CVE-2018-15683. | |||||
| CVE-2016-10742 | 2 Debian, Zabbix | 2 Debian Linux, Zabbix | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM |
| Zabbix before 2.2.21rc1, 3.x before 3.0.13rc1, 3.1.x and 3.2.x before 3.2.10rc1, and 3.3.x and 3.4.x before 3.4.4rc1 allows open redirect via the request parameter. | |||||
| CVE-2015-8094 | 1 Cloudera | 1 Hue | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM |
| Open redirect vulnerability in Cloudera HUE before 3.10.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the next parameter. | |||||
| CVE-2018-6200 | 1 Vbulletin | 1 Vbulletin | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM |
| vBulletin 3.x.x and 4.2.x through 4.2.5 has an open redirect via the redirector.php url parameter. | |||||
| CVE-2017-18178 | 1 Progress | 1 Sitefinity | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM |
| Authenticate/SWT in Progress Sitefinity 9.1 has an open redirect issue in which an authentication token is sent to the redirection target, if the target is specified using a certain %40 syntax. This is fixed in 10.1. | |||||
| CVE-2018-11119 | 1 Ilias | 1 Ilias | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM |
| ILIAS 5.1.x, 5.2.x, and 5.3.x before 5.3.5 redirects a logged-in user to a third-party site via the return_to_url parameter. | |||||
| CVE-2017-7153 | 3 Apple, Canonical, Microsoft | 8 Icloud, Iphone Os, Itunes and 5 more | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to spoof user-interface information (about whether the entire content is derived from a valid TLS session) via a crafted web site that sends a 401 Unauthorized redirect. | |||||
| CVE-2018-7473 | 1 Soconnect | 2 Sowifi Hotspot, Sowifi Hotspot Firmware | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM |
| Open redirect vulnerability in the SO Connect SO WIFI hotspot web interface, prior to version 140, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL. | |||||
| CVE-2017-0364 | 2 Debian, Mediawiki | 2 Debian Linux, Mediawiki | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM |
| Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw where Special:Search allows redirects to any interwiki link. | |||||
| CVE-2018-7674 | 1 Netiq | 1 Identity Manager | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM |
| The NetIQ Identity Manager user console, in versions prior to 4.7, is susceptible to URL redirection. | |||||
| CVE-2017-18262 | 1 Blackboard | 1 Blackboard Learn | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM |
| Blackboard Learn (Since at least 17th of October 2017) has allowed Unvalidated Redirects on any signed-in user through its endpoints for handling Shibboleth logins, as demonstrated by a webapps/bb-auth-provider-shibboleth-BBLEARN/execute/shibbolethLogin?returnUrl= URI. | |||||
| CVE-2018-3743 | 1 Hekto Project | 1 Hekto | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM |
| Open redirect in hekto <=0.2.3 when target domain name is used as html filename on server. | |||||