Total
1377 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-28874 | 1 Seafile | 1 Seafile | 2024-11-21 | N/A | 6.1 MEDIUM |
|
The next parameter in the /accounts/login endpoint of Seafile 9.0.6 allows attackers to redirect users to arbitrary sites.
|
|||||
| CVE-2023-28799 | 1 Zscaler | 1 Client Connector | 2024-11-21 | N/A | 8.2 HIGH |
|
A URL parameter during login flow was vulnerable to injection. An attacker could insert a malicious domain in this parameter, which would redirect the user after auth and send the authorization token to the redirected domain.
|
|||||
| CVE-2023-28786 | 1 Solidwp | 1 Solid Security | 2024-11-21 | N/A | 3.7 LOW |
|
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in SolidWP Solid Security – Password, Two Factor Authentication, and Brute Force Protection.This issue affects Solid Security – Password, Two Factor Authentication, and Brute Force Protection: from n/a through 8.1.4.
|
|||||
| CVE-2023-28628 | 1 Lambdaisland | 1 Uri | 2024-11-21 | N/A | 5.4 MEDIUM |
|
lambdaisland/uri is a pure Clojure/ClojureScript URI library. In versions prior to 1.14.120 `authority-regex` allows an attacker to send malicious URLs to be parsed by the `lambdaisland/uri` and return the wrong authority. This issue is similar to but distinct from CVE-2020-8910. The regex in question doesn't handle the backslash (`\`) character in the username correctly, leading to a wrong output. ex. a payload of `https://example.com\\@google.com` would return that the host is `google.com`, bu ...
Show More |
|||||
| CVE-2023-28364 | 1 Brave | 1 Browser | 2024-11-21 | N/A | 6.1 MEDIUM |
|
An Open Redirect vulnerability exists prior to version 1.52.117, where the built-in QR scanner in Brave Browser Android navigated to scanned URLs automatically without showing the URL first. Now the user must manually navigate to the URL.
|
|||||
| CVE-2023-28069 | 1 Dell | 1 Streaming Data Platform | 2024-11-21 | N/A | 6.1 MEDIUM |
|
Dell Streaming Data Platform prior to 1.4 contains Open Redirect vulnerability. A remote unauthenticated attacker can phish the legitimate user to redirect to malicious website leading to information disclosure and launch of phishing attacks.
|
|||||
| CVE-2023-28020 | 1 Hcltech | 1 Bigfix Webui | 2024-11-21 | N/A | 4.7 MEDIUM |
|
URL redirection in Login page in HCL BigFix WebUI allows malicious user to redirect the client browser to an external site via redirect URL response header.
|
|||||
| CVE-2023-26494 | 1 Thethingsnetwork | 1 Lorawan-stack | 2024-11-21 | N/A | 6.1 MEDIUM |
|
lorawan-stack is an open source LoRaWAN network server. Prior to version 3.24.1, an open redirect exists on the login page of the lorawan stack server, allowing an attacker to supply a user controlled redirect upon sign in. This issue may allows malicious actors to phish users, as users assume they were redirected to the homepage on login. Version 3.24.1 contains a fix.
|
|||||
| CVE-2023-24735 | 1 Sigb | 1 Pmb | 2024-11-21 | N/A | 6.1 MEDIUM |
|
PMB v7.4.6 was discovered to contain an open redirect vulnerability via the component /opac_css/pmb.php. This vulnerability allows attackers to redirect victim users to an external domain via a crafted URL.
|
|||||
| CVE-2023-24030 | 1 Zimbra | 1 Collaboration | 2024-11-21 | N/A | 6.1 MEDIUM |
|
An open redirect vulnerability exists in the /preauth Servlet in Zimbra Collaboration Suite through 9.0 and 8.8.15. To exploit the vulnerability, an attacker would need to have obtained a valid zimbra auth token or a valid preauth token. Once the token is obtained, an attacker could redirect a user to any URL if url sanitisation is bypassed in incoming requests. NOTE: this is similar, but not identical, to CVE-2021-34807.
|
|||||
| CVE-2023-23957 | 1 Symantec | 1 Identity Portal | 2024-11-21 | N/A | 5.4 MEDIUM |
|
An authenticated user can see and modify the value for ‘next’ query parameter in Symantec Identity Portal 14.4
|
|||||
| CVE-2023-23860 | 1 Sap | 1 Netweaver Application Server Abap | 2024-11-21 | N/A | 6.1 MEDIUM |
|
SAP NetWeaver AS for ABAP and ABAP Platform - versions 740, 750, 751, 752, 753, 754, 755, 756, 757, 789, 790, allows an unauthenticated attacker to craft a link, which when clicked by an unsuspecting user can be used to redirect a user to a malicious site which could read or modify some sensitive information or expose the victim to a phishing attack.
|
|||||
| CVE-2023-23855 | 1 Sap | 1 Solution Manager | 2024-11-21 | N/A | 6.5 MEDIUM |
|
SAP Solution Manager - version 720, allows an authenticated attacker to redirect users to a malicious site due to insufficient URL validation. A successful attack could lead an attacker to read or modify the information or expose the user to a phishing attack. As a result, it has a low impact to confidentiality, integrity and availability.
|
|||||
| CVE-2023-23853 | 1 Sap | 1 Netweaver Application Server Abap | 2024-11-21 | N/A | 6.1 MEDIUM |
|
An unauthenticated attacker in AP NetWeaver Application Server for ABAP and ABAP Platform - versions 700, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 789, 790, can craft a link which when clicked by an unsuspecting user can be used to redirect a user to a malicious site which could read or modify some sensitive information or expose the victim to a phishing attack. Vulnerability has no direct impact on availability.
|
|||||
| CVE-2023-23395 | 1 Microsoft | 2 Sharepoint Foundation, Sharepoint Server | 2024-11-21 | N/A | 3.1 LOW |
|
Microsoft SharePoint Server Spoofing Vulnerability
|
|||||
| CVE-2023-22729 | 1 Silverstripe | 1 Framework | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Silverstripe Framework is the Model-View-Controller framework that powers the Silverstripe content management system. Prior to version 4.12.15, an attacker can display a link to a third party website on a login screen by convincing a legitimate content author to follow a specially crafted link. Users should upgrade to Silverstripe Framework 4.12.15 or above to address the issue.
|
|||||
| CVE-2023-22641 | 1 Fortinet | 2 Fortios, Fortiproxy | 2024-11-21 | N/A | 4.1 MEDIUM |
|
A url redirection to untrusted site ('open redirect') in Fortinet FortiOS version 7.2.0 through 7.2.3, FortiOS version 7.0.0 through 7.0.9, FortiOS versions 6.4.0 through 6.4.12, FortiOS all versions 6.2, FortiOS all versions 6.0, FortiProxy version 7.2.0 through 7.2.2, FortiProxy version 7.0.0 through 7.0.8, FortiProxy all versions 2.0, FortiProxy all versions 1.2, FortiProxy all versions 1.1, FortiProxy all versions 1.0 allows an authenticated attacker to execute unauthorized code or commands ...
Show More |
|||||
| CVE-2023-22418 | 1 F5 | 12 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 9 more | 2024-11-21 | N/A | 6.1 MEDIUM |
|
On versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15.1.x before 15.1.7, 14.1.x before 14.1.5.3, and all versions of 13.1.x, an open redirect vulnerability exists on virtual servers enabled with a BIG-IP APM access policy. This vulnerability allows an unauthenticated malicious attacker to build an open redirect URI. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
|
|||||
| CVE-2023-22266 | 1 Adobe | 2 Experience Manager, Experience Manager Cloud Service | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Experience Manager versions 6.5.15.0 (and earlier) are affected by a URL Redirection to Untrusted Site ('Open Redirect') vulnerability. A low-privilege authenticated attacker could leverage this vulnerability to redirect users to malicious websites. Exploitation of this issue requires user interaction.
|
|||||
| CVE-2023-22265 | 1 Adobe | 2 Experience Manager, Experience Manager Cloud Service | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Experience Manager versions 6.5.15.0 (and earlier) are affected by a URL Redirection to Untrusted Site ('Open Redirect') vulnerability. A low-privilege authenticated attacker could leverage this vulnerability to redirect users to malicious websites. Exploitation of this issue requires user interaction.
|
|||||
| CVE-2023-22264 | 1 Adobe | 2 Experience Manager, Experience Manager Cloud Service | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Experience Manager versions 6.5.15.0 (and earlier) are affected by a URL Redirection to Untrusted Site ('Open Redirect') vulnerability. A low-privilege authenticated attacker could leverage this vulnerability to redirect users to malicious websites. Exploitation of this issue requires user interaction.
|
|||||
| CVE-2023-22263 | 1 Adobe | 2 Experience Manager, Experience Manager Cloud Service | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Experience Manager versions 6.5.15.0 (and earlier) are affected by a URL Redirection to Untrusted Site ('Open Redirect') vulnerability. A low-privilege authenticated attacker could leverage this vulnerability to redirect users to malicious websites. Exploitation of this issue requires user interaction.
|
|||||
| CVE-2023-22262 | 1 Adobe | 2 Experience Manager, Experience Manager Cloud Service | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Experience Manager versions 6.5.15.0 (and earlier) are affected by a URL Redirection to Untrusted Site ('Open Redirect') vulnerability. A low-privilege authenticated attacker could leverage this vulnerability to redirect users to malicious websites. Exploitation of this issue requires user interaction.
|
|||||
| CVE-2023-22261 | 1 Adobe | 2 Experience Manager, Experience Manager Cloud Service | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Experience Manager versions 6.5.15.0 (and earlier) are affected by a URL Redirection to Untrusted Site ('Open Redirect') vulnerability. A low-privilege authenticated attacker could leverage this vulnerability to redirect users to malicious websites. Exploitation of this issue requires user interaction.
|
|||||
| CVE-2023-22260 | 1 Adobe | 2 Experience Manager, Experience Manager Cloud Service | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Experience Manager versions 6.5.15.0 (and earlier) are affected by a URL Redirection to Untrusted Site ('Open Redirect') vulnerability. A low-privilege authenticated attacker could leverage this vulnerability to redirect users to malicious websites. Exploitation of this issue requires user interaction.
|
|||||
| CVE-2023-22259 | 1 Adobe | 2 Experience Manager, Experience Manager Cloud Service | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Experience Manager versions 6.5.15.0 (and earlier) are affected by a URL Redirection to Untrusted Site ('Open Redirect') vulnerability. A low-privilege authenticated attacker could leverage this vulnerability to redirect users to malicious websites. Exploitation of this issue requires user interaction.
|
|||||
| CVE-2023-22258 | 1 Adobe | 2 Experience Manager, Experience Manager Cloud Service | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Experience Manager versions 6.5.15.0 (and earlier) are affected by a URL Redirection to Untrusted Site ('Open Redirect') vulnerability. A low-privilege authenticated attacker could leverage this vulnerability to redirect users to malicious websites. Exploitation of this issue requires user interaction.
|
|||||
| CVE-2023-22257 | 1 Adobe | 2 Experience Manager, Experience Manager Cloud Service | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Experience Manager versions 6.5.15.0 (and earlier) are affected by a URL Redirection to Untrusted Site ('Open Redirect') vulnerability. A low-privilege authenticated attacker could leverage this vulnerability to redirect users to malicious websites. Exploitation of this issue requires user interaction.
|
|||||
| CVE-2023-22256 | 1 Adobe | 2 Experience Manager, Experience Manager Cloud Service | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Experience Manager versions 6.5.15.0 (and earlier) are affected by a URL Redirection to Untrusted Site ('Open Redirect') vulnerability. A low-privilege authenticated attacker could leverage this vulnerability to redirect users to malicious websites. Exploitation of this issue requires user interaction.
|
|||||
| CVE-2023-20886 | 1 Vmware | 1 Workspace One Uem | 2024-11-21 | N/A | 8.8 HIGH |
|
VMware Workspace ONE UEM console contains an open redirect vulnerability.
A malicious actor may be able to redirect a victim to an attacker and retrieve their SAML response to login as the victim user.
|
|||||
| CVE-2023-20264 | 1 Cisco | 2 Adaptive Security Appliance Software, Firepower Threat Defense | 2024-11-21 | N/A | 6.1 MEDIUM |
|
A vulnerability in the implementation of Security Assertion Markup Language (SAML) 2.0 single sign-on (SSO) for remote access VPN in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to intercept the SAML assertion of a user who is authenticating to a remote access VPN session. This vulnerability is due to insufficient validation of the login URL. An attacker could exploit this vulnerability by persu ...
Show More |
|||||
| CVE-2023-20263 | 1 Cisco | 1 Hyperflex Hx Data Platform | 2024-11-21 | N/A | 4.7 MEDIUM |
|
A vulnerability in the web-based management interface of Cisco HyperFlex HX Data Platform could allow an unauthenticated, remote attacker to redirect a user to a malicious web page.
This vulnerability is due to improper input validation of the parameters in an HTTP request. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to redirect a user to a malicious website.
|
|||||
| CVE-2023-1279 | 1 Gitlab | 1 Gitlab | 2024-11-21 | N/A | 2.6 LOW |
|
An issue has been discovered in GitLab affecting all versions starting from 4.1 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1 where it was possible to create a URL that would redirect to a different project.
|
|||||
| CVE-2023-0748 | 1 Btcpayserver | 1 Btcpayserver | 2024-11-21 | N/A | 6.4 MEDIUM |
|
Open Redirect in GitHub repository btcpayserver/btcpayserver prior to 1.7.6.
|
|||||
| CVE-2023-0681 | 1 Rapid7 | 1 Insightvm | 2024-11-21 | N/A | 4.3 MEDIUM |
|
Rapid7 InsightVM versions 6.6.178 and lower suffers from an open redirect vulnerability, whereby an attacker has the ability to redirect the user to a site of the attacker’s choice using the ‘page’ parameter of the ‘data/console/redirect’ component of the application. This issue was resolved in the February, 2023 release of version 6.6.179.
|
|||||
| CVE-2023-0155 | 1 Gitlab | 1 Gitlab | 2024-11-21 | N/A | 5.4 MEDIUM |
|
An issue has been discovered in GitLab CE/EE affecting all versions before 15.8.5, 15.9.4, 15.10.1. Open redirects was possible due to framing arbitrary content on any page allowing user controlled markdown
|
|||||
| CVE-2022-4720 | 1 Ikus-soft | 1 Rdiffweb | 2024-11-21 | N/A | 6.1 MEDIUM |
|
Open Redirect in GitHub repository ikus060/rdiffweb prior to 2.5.5.
|
|||||
| CVE-2022-4644 | 1 Ikus-soft | 1 Rdiffweb | 2024-11-21 | N/A | 6.1 MEDIUM |
|
Open Redirect in GitHub repository ikus060/rdiffweb prior to 2.5.4.
|
|||||
| CVE-2022-4589 | 1 Django Terms And Conditions Project | 1 Django Terms And Conditions | 2024-11-21 | N/A | 5.5 MEDIUM |
|
A vulnerability has been found in cyface Terms and Conditions Module up to 2.0.9 and classified as problematic. Affected by this vulnerability is the function returnTo of the file termsandconditions/views.py. The manipulation leads to open redirect. The attack can be launched remotely. Upgrading to version 2.0.10 is able to address this issue. The name of the patch is 03396a1c2e0af95e12a45c5faef7e47a4b513e1a. It is recommended to upgrade the affected component. The associated identifier of this ...
Show More |
|||||
| CVE-2022-4317 | 1 Gitlab | 1 Dynamic Application Security Testing Analyzer | 2024-11-21 | N/A | 5.0 MEDIUM |
|
An issue has been discovered in GitLab DAST analyzer affecting all versions starting from 1.47 before 3.0.51, which sends custom request headers in redirects.
|
|||||