Total
1377 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-6291 | 1 Redhat | 8 Enterprise Linux, Keycloak, Migration Toolkit For Applications and 5 more | 2024-11-21 | N/A | 7.1 HIGH |
|
A flaw was found in the redirect_uri validation logic in Keycloak. This issue may allow a bypass of otherwise explicitly allowed hosts. A successful attack may lead to an access token being stolen, making it possible for the attacker to impersonate other users.
|
|||||
| CVE-2023-5986 | 1 Schneider-electric | 1 Ecostruxure Power Monitoring Expert | 2024-11-21 | N/A | 8.2 HIGH |
|
A CWE-601 URL Redirection to Untrusted Site vulnerability exists that could cause an openredirect vulnerability leading to a cross site scripting attack. By providing a URL-encoded input
attackers can cause the software’s web application to redirect to the chosen domain after a
successful login is performed.
|
|||||
| CVE-2023-5629 | 1 Schneider-electric | 32 Eb450, Eb450 Firmware, Eb45e and 29 more | 2024-11-21 | N/A | 8.2 HIGH |
|
A CWE-601:URL Redirection to Untrusted Site (‘Open Redirect’) vulnerability exists that could
cause disclosure of information through phishing attempts over HTTP.
|
|||||
| CVE-2023-5610 | 1 S-sols | 1 Seraphinite Accelerator | 2024-11-21 | N/A | 5.4 MEDIUM |
|
The Seraphinite Accelerator WordPress plugin before 2.2.29 does not validate the URL to redirect any authenticated user to, leading to an arbitrary redirect
|
|||||
| CVE-2023-5445 | 1 Mcafee | 1 Epolicy Orchestrator | 2024-11-21 | N/A | 5.4 MEDIUM |
|
An open redirect vulnerability in ePolicy Orchestrator prior to 5.10.0 CP1 Update 2, allows a remote low privileged user to modify the URL parameter for the purpose of redirecting URL request(s) to a malicious site. This impacts the dashboard area of the user interface. A user would need to be logged into ePO to trigger this vulnerability. To exploit this the attacker must change the HTTP payload post submission, prior to it reaching the ePO server.
|
|||||
| CVE-2023-5375 | 1 Mosparo | 1 Mosparo | 2024-11-21 | N/A | 6.1 MEDIUM |
|
Open Redirect in GitHub repository mosparo/mosparo prior to 1.0.2.
|
|||||
| CVE-2023-52263 | 1 Brave | 1 Browser | 2024-11-21 | N/A | 6.1 MEDIUM |
|
Brave Browser before 1.59.40 does not properly restrict the schema for WebUI factory and redirect. This is related to browser/brave_content_browser_client.cc and browser/ui/webui/brave_web_ui_controller_factory.cc.
|
|||||
| CVE-2023-51675 | 1 Vasyltech | 1 Advanced Access Manager | 2024-11-21 | N/A | 4.7 MEDIUM |
|
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in AAM Advanced Access Manager – Restricted Content, Users & Roles, Enhanced Security and More.This issue affects Advanced Access Manager – Restricted Content, Users & Roles, Enhanced Security and More: from n/a through 6.9.18.
|
|||||
| CVE-2023-51517 | 1 Codepeople | 1 Calculated Fields Form | 2024-11-21 | N/A | 4.1 MEDIUM |
|
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in CodePeople Calculated Fields Form.This issue affects Calculated Fields Form: from n/a through 1.2.28.
|
|||||
| CVE-2023-50963 | 1 Ibm | 1 Storage Defender Data Protect | 2024-11-21 | N/A | 6.5 MEDIUM |
|
IBM Storage Defender - Data Protect 1.0.0 through 1.4.1 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 276101.
|
|||||
| CVE-2023-50704 | 1 Efacec | 2 Uc 500e, Uc 500e Firmware | 2024-11-21 | N/A | 4.3 MEDIUM |
|
An attacker could construct a URL within the application that causes a redirection to an arbitrary external domain and could be leveraged to facilitate phishing attacks against application users.
|
|||||
| CVE-2023-50297 | 1 Alfasado | 1 Powercms | 2024-11-21 | N/A | 6.1 MEDIUM |
|
Open redirect vulnerability in PowerCMS (6 Series, 5 Series, and 4 Series) allows a remote unauthenticated attacker to redirect users to arbitrary web sites via a specially crafted URL. Note that all versions of PowerCMS 3 Series and earlier which are unsupported (End-of-Life, EOL) are also affected by this vulnerability.
|
|||||
| CVE-2023-4965 | 1 Phpipam | 1 Phpipam | 2024-11-21 | 3.3 LOW | 2.7 LOW |
|
A vulnerability was found in phpipam 1.5.1. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Header Handler. The manipulation of the argument X-Forwarded-Host leads to open redirect. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-239732.
|
|||||
| CVE-2023-4964 | 1 Microfocus | 2 Asset Management X, Service Management Automation X | 2024-11-21 | N/A | 8.2 HIGH |
|
Potential open redirect vulnerability
in opentext Service Management Automation X
(SMAX) versions 2020.05, 2020.08,
2020.11, 2021.02, 2021.05, 2021.08, 2021.11, 2022.05, 2022.11 and opentext Asset
Management X (AMX) versions 2021.08, 2021.11, 2022.05, 2022.11. The
vulnerability could allow attackers to redirect a user to
malicious websites.
|
|||||
| CVE-2023-49281 | 1 Cainor | 1 Calendarinho | 2024-11-21 | N/A | 4.7 MEDIUM |
|
Calendarinho is an open source calendaring application to manage large teams of consultants. An Open Redirect issue occurs when a web application redirects users to external URLs without proper validation. This can lead to phishing attacks, where users are tricked into visiting malicious sites, potentially leading to information theft and reputational damage to the website used for redirection. The problem is has been patched in commit `15b2393`. Users are advised to update to a commit after `15 ...
Show More |
|||||
| CVE-2023-49240 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | N/A | 7.5 HIGH |
|
Unauthorized access vulnerability in the launcher module. Successful exploitation of this vulnerability may affect service confidentiality.
|
|||||
| CVE-2023-49104 | 1 Owncloud | 1 Oauth2 | 2024-11-21 | N/A | 8.7 HIGH |
|
An issue was discovered in ownCloud owncloud/oauth2 before 0.6.1, when Allow Subdomains is enabled. An attacker is able to pass in a crafted redirect-url that bypasses validation, and consequently allows an attacker to redirect callbacks to a Top Level Domain controlled by the attacker.
|
|||||
| CVE-2023-49061 | 1 Mozilla | 1 Firefox | 2024-11-21 | N/A | 6.1 MEDIUM |
|
An attacker could have performed HTML template injection via Reader Mode and exfiltrated user information. This vulnerability affects Firefox for iOS < 120.
|
|||||
| CVE-2023-48815 | 1 Keking | 1 Kkfileview | 2024-11-21 | N/A | 6.1 MEDIUM |
|
kkFileView v4.3.0 is vulnerable to Incorrect Access Control.
|
|||||
| CVE-2023-48325 | 1 Pluginops | 1 Landing Page Builder | 2024-11-21 | N/A | 4.7 MEDIUM |
|
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in PluginOps Landing Page Builder – Lead Page – Optin Page – Squeeze Page – WordPress Landing Pages.This issue affects Landing Page Builder – Lead Page – Optin Page – Squeeze Page – WordPress Landing Pages: from n/a through 1.5.1.5.
|
|||||
| CVE-2023-48003 | 1 Aspnetzero | 1 Asp.net Zero | 2024-11-21 | N/A | 6.1 MEDIUM |
|
An open redirect through HTML injection in user messages in Asp.Net Zero before 12.3.0 allows remote attackers to redirect targeted victims to any URL via the '<meta http-equiv="refresh"' in the WebSocket messages.
|
|||||
| CVE-2023-47779 | 1 Crmperks | 1 Integration For Constant Contact And Contact Form 7\, Wpforms\, Elementor\, Ninja | 2024-11-21 | N/A | 4.7 MEDIUM |
|
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in CRM Perks. Integration for Constant Contact and Contact Form 7, WPForms, Elementor, Ninja Forms.This issue affects Integration for Constant Contact and Contact Form 7, WPForms, Elementor, Ninja Forms: from n/a through 1.1.4.
|
|||||
| CVE-2023-47548 | 1 Softlabbd | 1 Integrate Google Drive | 2024-11-21 | N/A | 4.7 MEDIUM |
|
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in SoftLab Integrate Google Drive – Browse, Upload, Download, Embed, Play, Share, Gallery, and Manage Your Google Drive Files Into Your WordPress Site.This issue affects Integrate Google Drive – Browse, Upload, Download, Embed, Play, Share, Gallery, and Manage Your Google Drive Files Into Your WordPress Site: from n/a through 1.3.2.
|
|||||
| CVE-2023-47168 | 1 Mattermost | 1 Mattermost | 2024-11-21 | N/A | 4.3 MEDIUM |
|
Mattermost fails to properly check a redirect URL parameter allowing for an open redirect was possible when the user clicked "Back to Mattermost" after providing a invalid custom url scheme in /oauth/{service}/mobile_login?redirect_to=
|
|||||
| CVE-2023-46688 | 1 Pleasanter | 1 Pleasanter | 2024-11-21 | N/A | 6.1 MEDIUM |
|
Open redirect vulnerability in Pleasanter 1.3.47.0 and earlier allows a remote unauthenticated attacker to redirect users to arbitrary web sites via a specially crafted URL.
|
|||||
| CVE-2023-46624 | 1 Parcelpro | 1 Parcel Pro | 2024-11-21 | N/A | 4.7 MEDIUM |
|
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Parcel Pro.This issue affects Parcel Pro: from n/a through 1.6.11.
|
|||||
| CVE-2023-45909 | 1 Zzzcms | 1 Zzzphp | 2024-11-21 | N/A | 6.1 MEDIUM |
|
zzzcms v2.2.0 was discovered to contain an open redirect vulnerability.
|
|||||
| CVE-2023-45762 | 1 Michaeluno | 1 Responsive Column Widgets | 2024-11-21 | N/A | 4.7 MEDIUM |
|
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Michael Uno (miunosoft) Responsive Column Widgets.This issue affects Responsive Column Widgets: from n/a through 1.2.7.
|
|||||
| CVE-2023-45203 | 1 Projectworlds | 1 Online Examination System | 2024-11-21 | N/A | 6.1 MEDIUM |
|
Online Examination System v1.0 is vulnerable to multiple Open Redirect vulnerabilities. The 'q' parameter of the login.php resource allows an attacker to redirect a victim user to an arbitrary web site using a crafted URL.
|
|||||
| CVE-2023-45202 | 1 Projectworlds | 1 Online Examination System | 2024-11-21 | N/A | 6.1 MEDIUM |
|
Online Examination System v1.0 is vulnerable to multiple Open Redirect vulnerabilities. The 'q' parameter of the feed.php resource allows an attacker to redirect a victim user to an arbitrary web site using a crafted URL.
|
|||||
| CVE-2023-45201 | 1 Projectworlds | 1 Online Examination System | 2024-11-21 | N/A | 6.1 MEDIUM |
|
Online Examination System v1.0 is vulnerable to multiple Open Redirect vulnerabilities. The 'q' parameter of the admin.php resource allows an attacker to redirect a victim user to an arbitrary web site using a crafted URL.
|
|||||
| CVE-2023-45105 | 1 Servit | 1 Affiliate-toolkit | 2024-11-21 | N/A | 4.7 MEDIUM |
|
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in SERVIT Software Solutions affiliate-toolkit – WordPress Affiliate Plugin.This issue affects affiliate-toolkit – WordPress Affiliate Plugin: from n/a through 3.3.9.
|
|||||
| CVE-2023-42502 | 1 Apache | 1 Superset | 2024-11-21 | N/A | 4.8 MEDIUM |
|
An authenticated attacker with update datasets permission could change a dataset link to an untrusted site by spoofing the HTTP Host header, users could be redirected to this site when clicking on that specific dataset. This issue affects Apache Superset versions before 3.0.0.
|
|||||
| CVE-2023-41699 | 1 Payara | 1 Payara | 2024-11-21 | N/A | 6.1 MEDIUM |
|
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Payara Platform Payara Server, Micro and Embedded (Servlet Implementation modules) allows Redirect Access to Libraries.This issue affects Payara Server, Micro and Embedded: from 5.0.0 before 5.57.0, from 4.1.2.191 before 4.1.2.191.46, from 6.0.0 before 6.8.0, from 6.2023.1 before 6.2023.11.
|
|||||
| CVE-2023-41648 | 1 Swapnilpatil | 1 Login And Logout Redirect | 2024-11-21 | N/A | 4.7 MEDIUM |
|
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Swapnil V. Patil Login and Logout Redirect.This issue affects Login and Logout Redirect: from n/a through 2.0.3.
|
|||||
| CVE-2023-41609 | 1 Couchcms | 1 Couchcms | 2024-11-21 | N/A | 6.1 MEDIUM |
|
An open redirect vulnerability in the sanitize_url() parameter of CouchCMS v2.3 allows attackers to redirect a victim user to an arbitrary web site via a crafted URL.
|
|||||
| CVE-2023-40779 | 1 Icewarp | 1 Deep Castle G2 | 2024-11-21 | N/A | 6.1 MEDIUM |
|
An issue in IceWarp Mail Server Deep Castle 2 v.13.0.1.2 allows a remote attacker to execute arbitrary code via a crafted request to the URL.
|
|||||
| CVE-2023-40602 | 1 Doofinder | 1 Doofinder | 2024-11-21 | N/A | 4.7 MEDIUM |
|
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Doofinder Doofinder WP & WooCommerce Search.This issue affects Doofinder WP & WooCommerce Search: from n/a through 1.5.49.
|
|||||
| CVE-2023-40306 | 1 Sap | 1 S\/4hana | 2024-11-21 | N/A | 6.1 MEDIUM |
|
SAP S/4HANA Manage Catalog Items and Cross-Catalog searches Fiori apps allow an attacker to redirect users to a malicious site due to insufficient URL validation. As a result, it may have a slight impact on confidentiality and integrity.
|
|||||
| CVE-2023-3684 | 1 Livelyworks | 1 Articart | 2024-11-21 | 4.0 MEDIUM | 3.5 LOW |
|
A vulnerability was found in LivelyWorks Articart 2.0.1 and classified as problematic. Affected by this issue is some unknown functionality of the file /change-language/de_DE of the component Base64 Encoding Handler. The manipulation of the argument redirectTo leads to open redirect. The attack may be launched remotely. VDB-234230 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
|
|||||