Total: 1377 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2022-23078 | 1 Habitica | 1 Habitica | 2024-11-21 | 5.8 MEDIUM | N/A | Habitica versions v4.119.0 through v4.232.2 are vulnerable to open redirect via the login page. |
| CVE-2022-22919 | 1 Adenza | 1 Axiomsl Controllerview | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM | Adenza AxiomSL ControllerView through 10.8.1 allows redirection for SSO login URLs. |
| CVE-2022-22797 | 1 Sysaid | 1 Sysaid | 2024-11-21 | 5.8 MEDIUM | 4.6 MEDIUM | Sysaid – sysaid Open Redirect - An attacker can change the redirect link at the parameter "redirectURL" of a "GET" request to the URL location /CommunitySSORedirect.jsp?redirectURL=https://google.com. Unvalidated redirects and forwards are possible when a web application accepts untrusted input that could cause the web application to redirect the request to a URL contained within untrusted input. By modifying untrusted URL input to a malicious site, an attacker may successfully launch a phishi ... |
| CVE-2022-21651 | 1 Shopware | 1 Shopware | 2024-11-21 | 5.8 MEDIUM | 6.8 MEDIUM | Shopware is an open source e-commerce software platform. An open redirect vulnerability has been discovered. Users may be arbitrarily redirected due to incomplete URL handling in the Shopware router. This issue has been resolved in version 5.7.7. There is no workaround and users are advised to upgrade as soon as possible. |
| CVE-2022-20794 | 1 Cisco | 2 Roomos, Telepresence Collaboration Endpoint | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM | Multiple vulnerabilities in the web engine of Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow a remote attacker to cause a denial of service (DoS) condition, view sensitive data on an affected device, or redirect users to an attacker-controlled destination. For more information about these vulnerabilities, see the Details section of this advisory. |
| CVE-2022-20764 | 1 Cisco | 2 Roomos, Telepresence Collaboration Endpoint | 2024-11-21 | 5.5 MEDIUM | 6.5 MEDIUM | Multiple vulnerabilities in the web engine of Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow a remote attacker to cause a denial of service (DoS) condition, view sensitive data on an affected device, or redirect users to an attacker-controlled destination. For more information about these vulnerabilities, see the Details section of this advisory. |
| CVE-2022-1774 | 1 Diagrams | 1 Drawio | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM | Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository jgraph/drawio prior to 18.0.7. |
| CVE-2022-1702 | 1 Sonicwall | 10 Sma 6200, Sma 6200 Firmware, Sma 6210 and 7 more | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM | SonicWall SMA1000 series firmware 12.4.0, 12.4.1-02965 and earlier versions accept a user-controlled input that specifies a link to an external site and use that link in a redirect, which leads to an open redirection vulnerability. |
| CVE-2022-1254 | 1 Mcafee | 1 Web Gateway | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM | A URL redirection vulnerability in Skyhigh SWG in main releases 10.x prior to 10.2.9, 9.x prior to 9.2.20, 8.x prior to 8.2.27, and 7.x prior to 7.8.2.31, and controlled release 11.x prior to 11.1.3 allows a remote attacker to redirect a user to a malicious website controlled by the attacker. This is possible because SWG incorrectly creates an HTTP redirect response when a user clicks a carefully constructed URL. Following the redirect response, the new request is still filtered by the SWG policy ... |
| CVE-2022-1233 | 1 Uri.js Project | 1 Uri.js | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM | URL Confusion When Scheme Not Supplied in GitHub repository medialize/uri.js prior to 1.19.11. |
| CVE-2022-1230 | 1 Samsung | 2 Galaxy S21, Galaxy S21 Firmware | 2024-11-21 | N/A | 3.9 LOW | This vulnerability allows local attackers to execute arbitrary code on affected installations of Samsung Galaxy S21 phones prior to 4.5.40.5. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of redirections. An attacker can force a redirection to a site that serves malicious content. An attacker can leverage this in conjunction with other vulnerabilities to escalate p ... |
| CVE-2022-1058 | 1 Gitea | 1 Gitea | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM | Open Redirect on login in GitHub repository go-gitea/gitea prior to 1.16.5. |
| CVE-2022-1019 | 1 Automatedlogic | 1 Webctrl Server | 2024-11-21 | 5.8 MEDIUM | 5.2 MEDIUM | Automated Logic's WebCtrl Server Version 6.1 'Help' index pages are vulnerable to open redirection. The vulnerability allows an attacker to send a maliciously crafted URL which could result in redirecting the user to a malicious webpage or downloading a malicious file. |
| CVE-2022-0869 | 1 Spirit-project | 1 Spirit | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM | Multiple Open Redirect in GitHub repository nitely/spirit prior to 0.12.3. |
| CVE-2022-0868 | 1 Uri.js Project | 1 Uri.js | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM | Open Redirect in GitHub repository medialize/uri.js prior to 1.19.10. |
| CVE-2022-0697 | 1 Archivy Project | 1 Archivy | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM | Open Redirect in GitHub repository archivy/archivy prior to 1.7.0. |
| CVE-2022-0692 | 1 Alltube Project | 1 Alltube | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM | Open Redirect on Rudloff/alltube in Packagist rudloff/alltube prior to 3.0.1. |
| CVE-2022-0645 | 1 Posthog | 1 Posthog | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM | Open redirect vulnerability via endpoint authorize_and_redirect/?redirect= in GitHub repository posthog/posthog prior to 1.34.1. |
| CVE-2022-0597 | 1 Microweber | 1 Microweber | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM | Open Redirect in Packagist microweber/microweber prior to 1.2.11. |
| CVE-2022-0560 | 1 Microweber | 1 Microweber | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM | Open Redirect in Packagist microweber/microweber prior to 1.2.11. |
| CVE-2022-0283 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 5.8 MEDIUM | 4.7 MEDIUM | An issue has been discovered affecting GitLab versions prior to 13.5. An open redirect vulnerability was fixed in the GitLab integration with Jira that could cause the web application to redirect the request to the attacker-specified URL. |
| CVE-2022-0235 | 3 Debian, Node-fetch Project, Siemens | 3 Debian Linux, Node-fetch, Sinec Ins | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM | node-fetch is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor. |
| CVE-2022-0165 | 1 King-theme | 1 Kingcomposer | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM | The Page Builder KingComposer WordPress plugin through 2.9.6 does not validate the id parameter before redirecting the user to it via the kc_get_thumbn AJAX action, which is available to both unauthenticated and authenticated users. |
| CVE-2022-0122 | 1 Digitalbazaar | 1 Forge | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM | forge is vulnerable to URL Redirection to Untrusted Site. |
| CVE-2021-4348 | 1 Createit | 1 Ultimate Gdpr & Ccpa Compliance Toolkit | 2024-11-21 | N/A | 7.5 HIGH | The Ultimate GDPR & CCPA plugin for WordPress is vulnerable to unauthenticated settings import and export via the export_settings & import_settings functions in versions up to, and including, 2.4. This makes it possible for unauthenticated attackers to change plugin settings and conduct attacks such as redirecting visitors to malicious sites. |
| CVE-2021-4260 | 1 Oils-js Project | 1 Oils-js | 2024-11-21 | N/A | 6.3 MEDIUM | A vulnerability was found in oils-js. It has been declared as critical. This vulnerability affects unknown code of the file core/Web.js. The manipulation leads to open redirect. The attack can be initiated remotely. The name of the patch is fad8fbae824a7d367dacb90d56cb02c5cb999d42. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-216268. |
| CVE-2021-4000 | 1 Showdoc | 1 Showdoc | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM | showdoc is vulnerable to URL Redirection to Untrusted Site. |
| CVE-2021-46898 | 1 Vonautomatisch | 1 Django Grappelli | 2024-11-21 | N/A | 6.1 MEDIUM | views/switch.py in django-grappelli (aka Django Grappelli) before 2.15.2 attempts to prevent external redirection with startswith("/"), but this does not consider a protocol-relative URL (e.g., //example.com) attack. |
| CVE-2021-46379 | 1 Dlink | 2 Dir-850l, Dir-850l Firmware | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM | DLink DIR850 ET850-1.08TRb03 is affected by an incorrect access control vulnerability through URL redirection to an untrusted site. |
| CVE-2021-46366 | 1 Magnolia-cms | 1 Magnolia Cms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH | An issue in the Login page of Magnolia CMS v6.2.3 and below allows attackers to exploit both an Open Redirect vulnerability and Cross-Site Request Forgery (CSRF) in order to brute force and exfiltrate users' credentials. |
| CVE-2021-45408 | 1 Seeddms | 1 Seeddms | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM | Open Redirect vulnerability exists in SeedDMS 6.0.15 in out.Login.php, which allows remote malicious users to redirect users to malicious sites using the "referuri" parameter. |
| CVE-2021-45328 | 1 Gitea | 1 Gitea | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM | Gitea before 1.4.3 is affected by URL Redirection to Untrusted Site ('Open Redirect') via internal URLs. |
| CVE-2021-44528 | 1 Rubyonrails | 1 Rails | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM | An open redirect vulnerability exists in Action Pack >= 6.0.0 that could allow an attacker to craft an "X-Forwarded-Host" header which, in combination with certain "allowed host" formats, can cause the Host Authorization middleware in Action Pack to redirect users to a malicious website. |
| CVE-2021-44054 | 1 Qnap | 3 Qts, Quts Hero, Qutscloud | 2024-11-21 | 5.8 MEDIUM | 4.3 MEDIUM | An open redirect vulnerability has been reported to affect QNAP devices running QuTScloud, QuTS hero and QTS. If exploited, this vulnerability allows attackers to redirect users to an untrusted page that contains malware. We have already fixed this vulnerability in the following versions of QuTScloud, QuTS hero and QTS: QuTScloud c5.0.1.1949 and later; QuTS hero h5.0.0.1949 build 20220215 and later; QuTS hero h4.5.4.1951 build 20220218 and later; QTS 5.0.0.1986 build 20220324 and later; QTS 4.5.4.199 ... |
| CVE-2021-43812 | 1 Auth0 | 1 Nextjs-auth0 | 2024-11-21 | 5.8 MEDIUM | 6.4 MEDIUM | The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. Versions before 1.6.2 do not filter out certain returnTo parameter values from the login URL, which exposes the application to an open redirect vulnerability. Users are advised to upgrade as soon as possible. There are no known workarounds for this issue. |
| CVE-2021-43777 | 1 Redash | 1 Redash | 2024-11-21 | 5.8 MEDIUM | 6.8 MEDIUM | Redash is a package for data visualization and sharing. In Redash version 10.0 and prior, the implementation of Google Login (via OAuth) incorrectly uses the `state` parameter to pass the next URL to redirect the user to after login. The `state` parameter should be used for a Cross-Site Request Forgery (CSRF) token, not a static and easily predicted value. This vulnerability does not affect users who do not use Google Login for their instance of Redash. A patch in the `master` and `release/10.x. ... |
| CVE-2021-43532 | 1 Mozilla | 1 Firefox | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM | The 'Copy Image Link' context menu action would copy the final image URL after redirects. By embedding an image that triggered authentication flows - in conjunction with a Content Security Policy that stopped a redirection chain in the middle - the final image URL could be one that contained an authentication token used to take over a user account. If a website tricked a user into copying and pasting the image link back to the page, the page would be able to steal the authentication tokens. This was ... |
| CVE-2021-43064 | 1 Fortinet | 1 Fortiweb | 2024-11-21 | 5.8 MEDIUM | 4.3 MEDIUM | A URL redirection to untrusted site ('open redirect') in Fortinet FortiWeb version 6.4.1 and 6.4.0, version 6.3.15 and below, version 6.2.6 and below allows an attacker to use the device as a proxy and reach external or protected hosts via redirection handlers. |
| CVE-2021-43058 | 1 Replicated | 1 Replicated Classic | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM | An open redirect vulnerability exists in Replicated Classic versions prior to 2.53.1 that could lead to spoofing. To exploit this vulnerability, an attacker could send a link that has a specially crafted URL and convince the user to click the link, redirecting the user to an untrusted site. |
| CVE-2021-42564 | 1 Cryptshare | 1 Cryptshare Server | 2024-11-21 | 4.9 MEDIUM | 5.4 MEDIUM | An open redirect through HTML injection in confidential messages in Cryptshare before 5.1.0 allows remote attackers (with permission to provide confidential messages via Cryptshare) to redirect targeted victims to any URL via the '<meta http-equiv="refresh"' substring in the editor parameter. |