Total
1377 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-3311 | 1 Cisco | 1 Secure Firewall Management Center | 2024-11-26 | 5.8 MEDIUM | 6.1 MEDIUM |
|
A vulnerability in the web interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. The vulnerability is due to improper input validation of HTTP request parameters. An attacker could exploit this vulnerability by intercepting and modifying an HTTP request from a user. A successful exploit could allow the attacker to redirect the user to a specific malicious web page.
|
|||||
| CVE-2020-3558 | 1 Cisco | 1 Secure Firewall Management Center | 2024-11-26 | 5.8 MEDIUM | 4.7 MEDIUM |
|
A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. The vulnerability is due to improper input validation of the parameters of an HTTP request. An attacker could exploit this vulnerability by intercepting an HTTP request from a user. A successful exploit could allow the attacker to modify the HTTP request to cause the interface to redirect the user to ...
Show More |
|||||
| CVE-2024-8526 | 2024-11-21 | N/A | N/A | ||
|
A vulnerability in Automated Logic WebCTRL 7.0 could allow an attacker to send a maliciously
crafted URL, which when visited by an authenticated WebCTRL user, could result in the redirection
of the user to a malicious webpage via "index.jsp"
|
|||||
| CVE-2024-9329 | 1 Eclipse | 1 Glassfish | 2024-11-21 | N/A | 6.1 MEDIUM |
|
In Eclipse Glassfish versions before 7.0.17, The Host HTTP parameter could cause the web application to redirect to the specified URL, when the requested endpoint is '/management/domain'. By modifying the URL value to a malicious site, an attacker may successfully launch a phishing scam and steal user credentials.
|
|||||
| CVE-2024-4882 | 2024-11-21 | N/A | N/A | ||
|
The user may be redirected to an arbitrary site in Sitefinity 15.1.8321.0 and previous versions.
|
|||||
| CVE-2024-4704 | 1 Rocklobster | 1 Contact Form 7 | 2024-11-21 | N/A | 6.1 MEDIUM |
|
The Contact Form 7 WordPress plugin before 5.9.5 has an open redirect that allows an attacker to utilize a false URL and redirect to the URL of their choosing.
|
|||||
| CVE-2024-4612 | 1 Gitlab | 1 Gitlab | 2024-11-21 | N/A | 6.4 MEDIUM |
|
An issue has been discovered in GitLab EE affecting all versions starting from 12.9 before 17.1.7, 17.2 before 17.2.5, and 17.3 before 17.3.2. Under certain conditions an open redirect vulnerability could allow for an account takeover by breaking the OAuth flow.
|
|||||
| CVE-2024-4604 | 2024-11-21 | N/A | 6.1 MEDIUM | ||
|
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Magarsus Consultancy SSO (Single Sign On) allows Manipulating Hidden Fields.This issue affects SSO (Single Sign On): from 1.0 before 1.1.
|
|||||
| CVE-2024-41801 | 1 Openproject | 1 Openproject | 2024-11-21 | N/A | 4.7 MEDIUM |
|
OpenProject is open source project management software. Prior to version 14.3.0, using a forged HOST header in the default configuration of packaged installations and using the "Login required" setting, an attacker could redirect to a remote host to initiate a phishing attack against an OpenProject user's account. This vulnerability affects default packaged installation of OpenProject without any additional configuration or modules on Apache (such as mod_security, manually setting a host name, h ...
Show More |
|||||
| CVE-2024-3597 | 1 Myrecorp | 1 Export Wp Page To Static Html\/css | 2024-11-21 | N/A | 7.1 HIGH |
|
The Export WP Page to Static HTML/CSS plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 2.2.2. This is due to insufficient validation on the redirect url supplied via the rc_exported_zip_file parameter. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action.
|
|||||
| CVE-2024-37881 | 2024-11-21 | N/A | 5.3 MEDIUM | ||
|
SiteGuard WP Plugin provides a functionality to customize the path to the login page wp-login.php and implements a measure to avoid redirection from other URLs. However, SiteGuard WP Plugin versions prior to 1.7.7 missed to implement a measure to avoid redirection from wp-register.php. As a result, the customized path to the login page may be exposed.
|
|||||
| CVE-2024-37830 | 1 Getoutline | 1 Outline | 2024-11-21 | N/A | 6.1 MEDIUM |
|
An issue in Outline <= v0.76.1 allows attackers to redirect a victim user to a malicious site via intercepting and changing the state cookie.
|
|||||
| CVE-2024-37234 | 2024-11-21 | N/A | 3.5 LOW | ||
|
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Kodezen Limited Academy LMS.This issue affects Academy LMS: from n/a through 2.0.4.
|
|||||
| CVE-2024-37141 | 1 Dell | 1 Data Domain Operating System | 2024-11-21 | N/A | 3.5 LOW |
|
Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain an open redirect vulnerability. A remote low privileged attacker could potentially exploit this vulnerability, leading to information disclosure.
|
|||||
| CVE-2024-36419 | 1 Salesagility | 1 Suitecrm | 2024-11-21 | N/A | 4.3 MEDIUM |
|
SuiteCRM is an open-source Customer Relationship Management (CRM) software application. A vulnerability in versions prior to 8.6.1 allows for Host Header Injection when directly accessing the `/legacy` route. Version 8.6.1 contains a patch for the issue.
|
|||||
| CVE-2024-34065 | 1 Strapi | 1 Strapi | 2024-11-21 | N/A | 7.1 HIGH |
|
Strapi is an open-source content management system. By combining two vulnerabilities (an `Open Redirect` and `session token sent as URL query parameter`) in @strapi/plugin-users-permissions before version 4.24.2, is its possible of an unauthenticated attacker to bypass authentication mechanisms and retrieve the 3rd party tokens. The attack requires user interaction (one click). Unauthenticated attackers can leverage two vulnerabilities to obtain an 3rd party token and the bypass authentication o ...
Show More |
|||||
| CVE-2024-33930 | 2024-11-21 | N/A | 4.7 MEDIUM | ||
|
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in ILLID Share This Image.This issue affects Share This Image: from n/a through 1.97.
|
|||||
| CVE-2024-33584 | 2024-11-21 | N/A | 4.7 MEDIUM | ||
|
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Deepen Bajracharya Video Conferencing with Zoom.This issue affects Video Conferencing with Zoom: from n/a through 4.4.4.
|
|||||
| CVE-2024-32129 | 2024-11-21 | N/A | 4.7 MEDIUM | ||
|
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Freshworks Freshdesk (official).This issue affects Freshdesk (official): from n/a through 2.3.6.
|
|||||
| CVE-2024-32078 | 2024-11-21 | N/A | 4.1 MEDIUM | ||
|
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Foliovision FV Flowplayer Video Player.This issue affects FV Flowplayer Video Player: from n/a through 7.5.44.7212.
|
|||||
| CVE-2024-31135 | 1 Jetbrains | 1 Teamcity | 2024-11-21 | N/A | 6.1 MEDIUM |
|
In JetBrains TeamCity before 2024.03 open redirect was possible on the login page
|
|||||
| CVE-2024-2419 | 2024-11-21 | N/A | 7.1 HIGH | ||
|
A flaw was found in Keycloak's redirect_uri validation logic. This issue may allow a bypass of otherwise explicitly allowed hosts. A successful attack may lead to the theft of an access token, making it possible for the attacker to impersonate other users. It is very similar to CVE-2023-6291.
|
|||||
| CVE-2024-28287 | 2024-11-21 | N/A | 7.3 HIGH | ||
|
A DOM-based open redirection in the returnUrl parameter of INSTINCT UI Web Client 6.5.0 allows attackers to redirect users to malicious sites via a crafted URL.
|
|||||
| CVE-2024-26504 | 2024-11-21 | N/A | 8.8 HIGH | ||
|
An issue in Wifire Hotspot v.4.5.3 allows a local attacker to execute arbitrary code via a crafted payload to the dst parameter.
|
|||||
| CVE-2024-25657 | 2024-11-21 | N/A | 5.4 MEDIUM | ||
|
An open redirect in the Login/Logout functionality of web management in AVSystem Unified Management Platform (UMP) 23.07.0.16567~LTS could allow attackers to redirect authenticated users to malicious websites.
|
|||||
| CVE-2024-24808 | 1 Pyload | 1 Pyload | 2024-11-21 | N/A | 4.7 MEDIUM |
|
pyLoad is an open-source Download Manager written in pure Python. There is an open redirect vulnerability due to incorrect validation of input values when redirecting users after login. pyLoad is validating URLs via the `get_redirect_url` function when redirecting users at login. This vulnerability has been patched with commit fe94451.
|
|||||
| CVE-2024-24764 | 1 Octobercms | 1 October | 2024-11-21 | N/A | 3.5 LOW |
|
October is a self-hosted CMS platform based on the Laravel PHP Framework. This issue affects authenticated administrators who may be redirected to an untrusted URL using the PageFinder schema. The resolver for the page finder link schema (`october://`) allowed external links, therefore allowing an open redirect outside the scope of the active host. This vulnerability has been patched in version 3.5.15.
|
|||||
| CVE-2024-23442 | 1 Elastic | 1 Kibana | 2024-11-21 | N/A | 6.1 MEDIUM |
|
An open redirect issue was discovered in Kibana that could lead to a user being redirected to an arbitrary website if they use a maliciously crafted Kibana URL.
|
|||||
| CVE-2024-22400 | 1 Nextcloud | 1 Sso \& Saml Authentication | 2024-11-21 | N/A | 3.1 LOW |
|
Nextcloud User Saml is an app for authenticating Nextcloud users using SAML. In affected versions users can be given a link to the Nextcloud server and end up on a uncontrolled thirdparty server. It is recommended that the User Saml app is upgraded to version 5.1.5, 5.2.5, or 6.0.1. There are no known workarounds for this issue.
|
|||||
| CVE-2024-22308 | 1 Simple-membership-plugin | 1 Simple Membership | 2024-11-21 | N/A | 3.4 LOW |
|
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in smp7, wp.Insider Simple Membership.This issue affects Simple Membership: from n/a through 4.4.1.
|
|||||
| CVE-2024-22248 | 2024-11-21 | N/A | 7.1 HIGH | ||
|
VMware SD-WAN Orchestrator contains an open redirect vulnerability.
A malicious actor may be able to redirect a victim to an attacker
controlled domain due to improper path handling leading to sensitive
information disclosure.
|
|||||
| CVE-2024-21794 | 1 Rapidscada | 1 Rapid Scada | 2024-11-21 | N/A | 5.4 MEDIUM |
|
In Rapid Software LLC's Rapid SCADA versions prior to Version 5.8.4, an attacker can redirect users to malicious pages through the login page.
|
|||||
| CVE-2024-21734 | 1 Sap | 1 Marketing | 2024-11-21 | N/A | 3.7 LOW |
|
SAP Marketing (Contacts App) - version 160, allows an attacker with low privileges to trick a user to open malicious page which could lead to a very convincing phishing attack with low impact on confidentiality and integrity of the application.
|
|||||
| CVE-2024-1227 | 2024-11-21 | N/A | 6.5 MEDIUM | ||
|
An open redirect vulnerability, the exploitation of which could allow an attacker to create a custom URL and redirect a legitimate page to a malicious site.
|
|||||
| CVE-2024-0953 | 1 Mozilla | 1 Firefox | 2024-11-21 | N/A | 6.1 MEDIUM |
|
When a user scans a QR Code with the QR Code Scanner feature, the user is not prompted before being navigated to the page specified in the code. This may surprise the user and potentially direct them to unwanted content. This vulnerability affects Firefox for iOS < 129.
|
|||||
| CVE-2024-0781 | 1 Martmbithi | 1 Internet Banking System | 2024-11-21 | 4.0 MEDIUM | 3.5 LOW |
|
A vulnerability, which was classified as problematic, was found in CodeAstro Internet Banking System 1.0. This affects an unknown part of the file pages_client_signup.php. The manipulation of the argument Client Full Name with the input <meta http-equiv="refresh" content="0; url=https://vuldb.com" /> leads to open redirect. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-251697 was assigned to this vulnerability.
|
|||||
| CVE-2024-0319 | 1 Fireeye | 1 Hxtool | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Open Redirect vulnerability in FireEye HXTool affecting version 4.6, the exploitation of which could allow an attacker to redirect a legitimate user to a malicious page by changing the 'redirect_uri' parameter.
|
|||||
| CVE-2023-6927 | 1 Redhat | 2 Keycloak, Single Sign-on | 2024-11-21 | N/A | 4.6 MEDIUM |
|
A flaw was found in Keycloak. This issue may allow an attacker to steal authorization codes or tokens from clients using a wildcard in the JARM response mode "form_post.jwt" which could be used to bypass the security patch implemented to address CVE-2023-6134.
|
|||||
| CVE-2023-6545 | 1 Beckhoff | 2 Authelia-bhf, Twincat\/bsd | 2024-11-21 | N/A | 4.7 MEDIUM |
|
The package authelia-bhf included in Beckhoffs TwinCAT/BSD is prone to an open redirect that allows a remote unprivileged attacker to redirect a user to another site. This may have limited impact to integrity and does solely affect anthelia-bhf the Beckhoff fork of authelia.
|
|||||
| CVE-2023-6380 | 1 Alkacon | 1 Opencms | 2024-11-21 | N/A | 6.1 MEDIUM |
|
Open redirect vulnerability has been found in the Open CMS product affecting versions 14 and 15 of the 'Mercury' template. An attacker could create a specially crafted URL and send it to a specific user to redirect them to a malicious site and compromise them. Exploitation of this vulnerability is possible due to the fact that there is no proper sanitization of the 'URI' parameter.
|
|||||