Total
1377 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-1000027 | 1 Koozali | 1 Sme Server | 2025-04-20 | 5.8 MEDIUM | 6.1 MEDIUM |
|
Koozali Foundation SME Server versions 8.x, 9.x, 10.x are vulnerable to an open URL redirect vulnerability in the user web login function resulting in unauthorized account access.
|
|||||
| CVE-2022-38662 | 1 Hcltech | 1 Hcl Digital Experience | 2025-04-18 | N/A | 6.1 MEDIUM |
|
In HCL Digital Experience, URLs can be constructed to redirect users to untrusted sites.
|
|||||
| CVE-2024-42930 | 1 Pbootcms | 1 Pbootcms | 2025-04-17 | N/A | 6.1 MEDIUM |
|
PbootCMS 3.2.8 is vulnerable to URL Redirect.
|
|||||
| CVE-2023-6552 | 1 Tasmoadmin | 1 Tasmoadmin | 2025-04-17 | N/A | 6.1 MEDIUM |
|
Lack of "current" GET parameter validation during the action of changing a language leads to an open redirect vulnerability.
|
|||||
| CVE-2022-47500 | 1 Apache | 1 Helix | 2025-04-17 | N/A | 6.1 MEDIUM |
|
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Apache Software Foundation Apache Helix UI component.This issue affects Apache Helix all releases from 0.8.0 to 1.0.4.
Solution: removed the the forward component since it was improper designed for UI embedding.
User please upgrade to 1.1.0 to fix this issue.
|
|||||
| CVE-2022-46288 | 1 Jacic | 1 Electronic Bidding Core System | 2025-04-17 | N/A | 6.1 MEDIUM |
|
Open redirect vulnerability in DENSHI NYUSATSU CORE SYSTEM v6 R4 and earlier allows a remote unauthenticated attacker to redirect a user to an arbitrary web site and conduct a phishing attack by having a user to access a specially crafted URL.
|
|||||
| CVE-2022-29910 | 2 Google, Mozilla | 2 Android, Firefox | 2025-04-16 | N/A | 6.1 MEDIUM |
|
When closed or sent to the background, Firefox for Android would not properly record and persist HSTS settings.<br>*Note: This issue only affected Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 100.
|
|||||
| CVE-2025-39599 | 2025-04-16 | N/A | 4.7 MEDIUM | ||
|
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Webilia Inc. Listdom allows Phishing. This issue affects Listdom: from n/a through 4.0.0.
|
|||||
| CVE-2025-39597 | 2025-04-16 | N/A | 4.7 MEDIUM | ||
|
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Arthur Yarwood Fast eBay Listings allows Phishing. This issue affects Fast eBay Listings: from n/a through 2.12.15.
|
|||||
| CVE-2022-34474 | 1 Mozilla | 1 Firefox | 2025-04-15 | N/A | 6.1 MEDIUM |
|
Even when an iframe was sandboxed with <code>allow-top-navigation-by-user-activation</code>, if it received a redirect header to an external protocol the browser would process the redirect and prompt the user as appropriate. This vulnerability affects Firefox < 102.
|
|||||
| CVE-2022-29912 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2025-04-15 | N/A | 6.1 MEDIUM |
|
Requests initiated through reader mode did not properly omit cookies with a SameSite attribute. This vulnerability affects Thunderbird < 91.9, Firefox ESR < 91.9, and Firefox < 100.
|
|||||
| CVE-2022-34478 | 2 Microsoft, Mozilla | 4 Windows, Firefox, Firefox Esr and 1 more | 2025-04-15 | N/A | 6.5 MEDIUM |
|
The <code>ms-msdt</code>, <code>search</code>, and <code>search-ms</code> protocols deliver content to Microsoft applications, bypassing the browser, when a user accepts a prompt. These applications have had known vulnerabilities, exploited in the wild (although we know of none exploited through Thunderbird), so in this release Thunderbird has blocked these protocols from prompting the user to open them.<br>*This bug only affects Thunderbird on Windows. Other operating systems are unaffected.*. ...
Show More |
|||||
| CVE-2022-36316 | 1 Mozilla | 1 Firefox | 2025-04-15 | N/A | 6.1 MEDIUM |
|
When using the Performance API, an attacker was able to notice subtle differences between PerformanceEntries and thus learn whether the target URL had been subject to a redirect. This vulnerability affects Firefox < 103.
|
|||||
| CVE-2022-45413 | 2 Google, Mozilla | 2 Android, Firefox | 2025-04-15 | N/A | 6.1 MEDIUM |
|
Using the <code>S.browser_fallback_url parameter</code> parameter, an attacker could redirect a user to a URL and cause SameSite=Strict cookies to be sent.<br>*This issue only affects Firefox for Android. Other operating systems are not affected.*. This vulnerability affects Firefox < 107.
|
|||||
| CVE-2016-0204 | 1 Ibm | 1 Cloud Orchestrator | 2025-04-12 | 5.8 MEDIUM | 6.8 MEDIUM |
|
Open redirect vulnerability in IBM Cloud Orchestrator 2.4.x before 2.4.0 FP3 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
|
|||||
| CVE-2015-0697 | 1 Cisco | 1 Telepresence Tc Software | 2025-04-12 | 5.8 MEDIUM | N/A |
|
Open redirect vulnerability in the login page in Cisco TC Software before 6.3-26 and 7.x before 7.3.0 on Cisco TelePresence Collaboration Desk and Room Endpoints devices allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, aka Bug ID CSCuq94980.
|
|||||
| CVE-2016-3174 | 1 Open-xchange | 1 Open-xchange Appsuite | 2025-04-12 | 4.3 MEDIUM | 7.4 HIGH |
|
An issue was discovered in Open-Xchange OX AppSuite before 7.8.0-rev27. The "defer" servlet offers to redirect a client to a specified URL. Since some checks were missing, arbitrary URLs could be provided as redirection target. Users can be tricked to follow a link to a trustworthy domain but end up at an unexpected service later on. This vulnerability can be used to prepare and enhance phishing attacks.
|
|||||
| CVE-2016-1000001 | 1 Flask-oidc Project | 1 Flask-oidc | 2025-04-12 | 5.8 MEDIUM | 7.4 HIGH |
|
flask-oidc version 0.1.2 and earlier is vulnerable to an open redirect
|
|||||
| CVE-2016-6657 | 1 Pivotal Software | 2 Cloud Foundry Elastic Runtime, Cloud Foundry Ops Manager | 2025-04-12 | 5.8 MEDIUM | 7.4 HIGH |
|
An open redirect vulnerability has been detected with some Pivotal Cloud Foundry Elastic Runtime components. Users of affected versions should apply the following mitigation: Upgrade PCF Elastic Runtime 1.8.x versions to 1.8.12 or later. Upgrade PCF Ops Manager 1.7.x versions to 1.7.18 or later and 1.8.x versions to 1.8.10 or later.
|
|||||
| CVE-2015-5354 | 1 Novius-os | 1 Novius Os | 2025-04-12 | 5.8 MEDIUM | N/A |
|
Open redirect vulnerability in Novius OS 5.0.1 (Elche) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirect parameter to admin/nos/login.
|
|||||
| CVE-2016-5977 | 1 Ibm | 1 Tealeaf Customer Experience | 2025-04-12 | 4.9 MEDIUM | 6.8 MEDIUM |
|
Open redirect vulnerability in the web portal in IBM Tealeaf Customer Experience before 8.7.1.8847 FP10, 8.8 before 8.8.0.9049 FP9, 9.0.0 and 9.0.1 before 9.0.1.1117 FP5, 9.0.1A before 9.0.1.5108_9.0.1A FP5, 9.0.2 before 9.0.2.1223 FP3, and 9.0.2A before 9.0.2.5224_9.0.2A FP3 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
|
|||||
| CVE-2016-3040 | 1 Ibm | 1 Security Privileged Identity Manager Virtual Appliance | 2025-04-12 | 4.9 MEDIUM | 6.8 MEDIUM |
|
IBM WebSphere Application Server (WAS) Liberty, as used in IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x before 2.0.2 FP8, allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
|
|||||
| CVE-2016-3047 | 1 Ibm | 1 Filenet Workplace | 2025-04-12 | 4.9 MEDIUM | 6.8 MEDIUM |
|
Open redirect vulnerability in IBM FileNet Workplace 4.0.2 through 4.0.2.14 IF001 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
|
|||||
| CVE-2016-5385 | 8 Debian, Drupal, Fedoraproject and 5 more | 14 Debian Linux, Drupal, Fedora and 11 more | 2025-04-12 | 5.1 MEDIUM | 8.1 HIGH |
|
PHP through 7.0.8 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, as demonstrated by (1) an application that makes a getenv('HTTP_PROXY') call or (2) a CGI configuration of PHP, aka an "h ...
Show More |
|||||
| CVE-2016-0928 | 1 Pivotal | 1 Cloud Foundry Elastic Runtime | 2025-04-12 | 5.8 MEDIUM | 7.4 HIGH |
|
Multiple open redirect vulnerabilities in Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.6.30 and 1.7.x before 1.7.8 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
|
|||||
| CVE-2016-5878 | 1 Ibm | 1 Filenet Workplace | 2025-04-12 | 4.9 MEDIUM | 6.8 MEDIUM |
|
Open redirect vulnerability in IBM FileNet Workplace 4.0.2 before 4.0.2.14 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
|
|||||
| CVE-2016-6636 | 2 Cloudfoundry, Pivotal Software | 5 Cloud Foundry Uaa Bosh, Cloud Foundry, Cloud Foundry Elastic Runtime and 2 more | 2025-04-12 | 5.0 MEDIUM | 5.3 MEDIUM |
|
The OAuth authorization implementation in Pivotal Cloud Foundry (PCF) before 242; UAA 2.x before 2.7.4.7, 3.x before 3.3.0.5, and 3.4.x before 3.4.4; UAA BOSH before 11.5 and 12.x before 12.5; Elastic Runtime before 1.6.40, 1.7.x before 1.7.21, and 1.8.x before 1.8.1; and Ops Manager 1.7.x before 1.7.13 and 1.8.x before 1.8.1 mishandles redirect_uri subdomains, which allows remote attackers to obtain implicit access tokens via a modified subdomain.
|
|||||
| CVE-2016-4604 | 1 Apple | 2 Iphone Os, Safari | 2025-04-12 | 5.8 MEDIUM | 5.4 MEDIUM |
|
Safari in Apple iOS before 9.3.3 allows remote attackers to spoof the displayed URL via an HTTP response specifying redirection to an invalid TCP port number.
|
|||||
| CVE-2016-9451 | 1 Drupal | 1 Drupal | 2025-04-12 | 4.9 MEDIUM | 6.8 MEDIUM |
|
Confirmation forms in Drupal 7.x before 7.52 make it easier for remote authenticated users to conduct open redirect attacks via unspecified vectors.
|
|||||
| CVE-2024-43280 | 1 Salonbookingsystem | 1 Salon Booking System | 2025-04-11 | N/A | 4.7 MEDIUM |
|
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Salon Booking System Salon booking system.This issue affects Salon booking system: from n/a through 10.8.1.
|
|||||
| CVE-2024-8148 | 1 Esri | 1 Portal For Arcgis | 2025-04-10 | N/A | 6.1 MEDIUM |
|
There is an unvalidated redirect vulnerability in Esri Portal for ArcGIS 11.2 and below that may allow a remote, unauthenticated attacker to craft a URL that could redirect a victim to an arbitrary website, simplifying phishing attacks.
|
|||||
| CVE-2024-38037 | 1 Esri | 1 Portal For Arcgis | 2025-04-10 | N/A | 6.1 MEDIUM |
|
There is an unvalidated redirect vulnerability in Esri Portal for ArcGIS 11.0 and below that may allow a remote, unauthenticated attacker to craft a URL that could redirect a victim to an arbitrary website, simplifying phishing attacks.
|
|||||
| CVE-2022-3614 | 1 Octopus | 1 Octopus Server | 2025-04-10 | N/A | 6.1 MEDIUM |
|
In affected versions of Octopus Deploy users of certain browsers using AD to sign-in to Octopus Server were able to bypass authentication checks and be redirected to the configured redirect url without any validation.
|
|||||
| CVE-2025-32694 | 2025-04-09 | N/A | 4.7 MEDIUM | ||
|
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Rustaurius Ultimate WP Mail allows Phishing. This issue affects Ultimate WP Mail: from n/a through 1.3.2.
|
|||||
| CVE-2008-2951 | 2 Edgewall, Fedoraproject | 2 Trac, Fedora | 2025-04-09 | 5.8 MEDIUM | 6.1 MEDIUM |
|
Open redirect vulnerability in the search script in Trac before 0.10.5 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the q parameter, possibly related to the quickjump function.
|
|||||
| CVE-2008-1547 | 1 Microsoft | 1 Exchange Server | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Open redirect vulnerability in exchweb/bin/redir.asp in Microsoft Outlook Web Access (OWA) for Exchange Server 2003 SP2 (aka build 6.5.7638) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the URL parameter.
|
|||||
| CVE-2008-2052 | 1 Bitrix24 | 1 Bitrix Site Manager | 2025-04-09 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Open redirect vulnerability in redirect.php in Bitrix Site Manager 6.5 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the goto parameter.
|
|||||
| CVE-2009-3832 | 2 Microsoft, Opera | 2 Windows, Opera Browser | 2025-04-09 | 5.8 MEDIUM | N/A |
|
Opera before 10.01 on Windows does not prevent use of Web fonts in rendering the product's own user interface, which allows remote attackers to spoof the address field via a crafted web site.
|
|||||
| CVE-2025-3433 | 2025-04-08 | N/A | 6.1 MEDIUM | ||
|
The Advanced Advertising System plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 1.3.1. This is due to insufficient validation on the redirect url supplied via the 'redir' parameter. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action.
|
|||||
| CVE-2024-31253 | 1 Wp-oauth | 1 Wp Oauth Server | 2025-04-08 | N/A | 4.7 MEDIUM |
|
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in WP OAuth Server OAuth Server.This issue affects OAuth Server: from n/a through 4.3.3.
|
|||||