Total
999 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-22308 | 1 Simple-membership-plugin | 1 Simple Membership | 2024-02-28 | N/A | 6.1 MEDIUM |
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in smp7, wp.Insider Simple Membership. This issue affects Simple Membership: from n/a through 4.4.1. | |||||
CVE-2023-46750 | 1 Apache | 1 Shiro | 2024-02-28 | N/A | 6.1 MEDIUM |
URL Redirection to Untrusted Site ('Open Redirect') vulnerability when "form" authentication is used in Apache Shiro. Mitigation: Update to Apache Shiro 1.13.0+ or 2.0.0-alpha-4+. | |||||
CVE-2024-0319 | 1 Fireeye | 1 Hxtool | 2024-02-28 | N/A | 6.1 MEDIUM |
Open Redirect vulnerability in FireEye HXTool affecting version 4.6, the exploitation of which could allow an attacker to redirect a legitimate user to a malicious page by changing the 'redirect_uri' parameter. | |||||
CVE-2024-21641 | 1 Flarum | 1 Flarum | 2024-02-28 | N/A | 4.7 MEDIUM |
Flarum is open source discussion platform software. Prior to version 1.8.5, the Flarum `/logout` route includes a redirect parameter that allows any third party to redirect users from a (trusted) domain of the Flarum installation to any link. For logged-in users, the logout must be confirmed. Guests are immediately redirected. This could be used by spammers to redirect to a web address using a trusted domain of a running Flarum installation. The vulnerability has been fixed and published as flarum/core v1.8.5. As a workaround, some extensions modifying the logout route can remedy this issue if their implementation is safe. | |||||
CVE-2023-6552 | 1 Tasmoadmin | 1 Tasmoadmin | 2024-02-28 | N/A | 6.1 MEDIUM |
Lack of "current" GET parameter validation during the action of changing a language leads to an open redirect vulnerability. | |||||
CVE-2024-0854 | 1 Synology | 1 Diskstation Manager | 2024-02-28 | N/A | 5.4 MEDIUM |
URL redirection to untrusted site ('Open Redirect') vulnerability in file access component in Synology DiskStation Manager (DSM) before 7.2.1-69057-2 allows remote authenticated users to conduct phishing attacks via unspecified vectors. | |||||
CVE-2023-50345 | 1 Hcltech | 1 Dryice Myxalytics | 2024-02-28 | N/A | 6.1 MEDIUM |
HCL DRYiCE MyXalytics is impacted by an Open Redirect vulnerability which could allow an attacker to redirect users to malicious sites, potentially leading to phishing attacks or other security threats. | |||||
CVE-2023-47168 | 1 Mattermost | 1 Mattermost | 2024-02-28 | N/A | 6.1 MEDIUM |
Mattermost fails to properly check a redirect URL parameter, allowing an open redirect when the user clicks "Back to Mattermost" after providing an invalid custom URL scheme in /oauth/{service}/mobile_login?redirect_to= | |||||
CVE-2023-51517 | 1 Codepeople | 1 Calculated Fields Form | 2024-02-28 | N/A | 5.4 MEDIUM |
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in CodePeople Calculated Fields Form. This issue affects Calculated Fields Form: from n/a through 1.2.28. | |||||
CVE-2023-6291 | 1 Redhat | 8 Enterprise Linux, Keycloak, Migration Toolkit For Applications and 5 more | 2024-02-28 | N/A | 7.1 HIGH |
A flaw was found in the redirect_uri validation logic in Keycloak. This issue may allow a bypass of otherwise explicitly allowed hosts. A successful attack may lead to an access token being stolen, making it possible for the attacker to impersonate other users. | |||||
CVE-2023-50704 | 1 Efacec | 2 Uc 500e, Uc 500e Firmware | 2024-02-28 | N/A | 6.1 MEDIUM |
An attacker could construct a URL within the application that causes a redirection to an arbitrary external domain and could be leveraged to facilitate phishing attacks against application users. | |||||
CVE-2023-38478 | 1 Crmperks | 1 Integration For Woocommerce And Quickbooks | 2024-02-28 | N/A | 6.1 MEDIUM |
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in CRM Perks Integration for WooCommerce and QuickBooks. This issue affects Integration for WooCommerce and QuickBooks: from n/a through 1.2.3. | |||||
CVE-2024-24291 | 1 Yzmcms | 1 Yzmcms | 2024-02-28 | N/A | 6.1 MEDIUM |
An issue in the component /member/index/login of yzmcms v7.0 allows attackers to direct users to malicious sites via a crafted URL. | |||||
CVE-2024-21794 | 1 Rapidscada | 1 Rapid Scada | 2024-02-28 | N/A | 5.4 MEDIUM |
In Rapid Software LLC's Rapid SCADA versions prior to Version 5.8.4, an attacker can redirect users to malicious pages through the login page. | |||||
CVE-2023-31095 | 1 Crmperks | 1 Database For Contact Form 7, Wpforms, Elementor Forms | 2024-02-28 | N/A | 6.1 MEDIUM |
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in CRM Perks Integration for HubSpot and Contact Form 7, WPForms, Elementor, Ninja Forms. This issue affects Integration for HubSpot and Contact Form 7, WPForms, Elementor, Ninja Forms: from n/a through 1.2.8. | |||||
CVE-2023-48928 | 1 Franklin-electric | 1 System Sentinel Anyware | 2024-02-28 | N/A | 6.1 MEDIUM |
Franklin Fueling Systems System Sentinel AnyWare (SSA) version 1.6.24.492 is vulnerable to Open Redirect. The 'path' parameter of the prefs.asp resource allows an attacker to redirect a victim user to an arbitrary web site using a crafted URL. | |||||
CVE-2023-52263 | 1 Brave | 1 Browser | 2024-02-28 | N/A | 6.1 MEDIUM |
Brave Browser before 1.59.40 does not properly restrict the schema for WebUI factory and redirect. This is related to browser/brave_content_browser_client.cc and browser/ui/webui/brave_web_ui_controller_factory.cc. | |||||
CVE-2023-37982 | 1 Crmperks | 1 Integration For Salesforce And Contact Form 7, Wpforms, Elementor, Ninja Forms | 2024-02-28 | N/A | 6.1 MEDIUM |
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in CRM Perks Integration for Salesforce and Contact Form 7, WPForms, Elementor, Ninja Forms. This issue affects Integration for Salesforce and Contact Form 7, WPForms, Elementor, Ninja Forms: from n/a through 1.3.3. | |||||
CVE-2023-32101 | 1 Pexlechris | 1 Library Viewer | 2024-02-28 | N/A | 6.1 MEDIUM |
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Pexle Chris Library Viewer. This issue affects Library Viewer: from n/a through 2.0.6. | |||||
CVE-2023-35883 | 1 Magazine3 | 1 Core Web Vitals & Pagespeed Booster | 2024-02-28 | N/A | 6.1 MEDIUM |
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Magazine3 Core Web Vitals & PageSpeed Booster. This issue affects Core Web Vitals & PageSpeed Booster: from n/a through 1.0.12. |