Total
1377 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-41826 | 1 Place | 1 Placeos Authentication | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
|
PlaceOS Authentication Service before 1.29.10.0 allows app/controllers/auth/sessions_controller.rb open redirect.
|
|||||
| CVE-2021-41733 | 1 Oppia | 1 Oppia | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
|
Oppia 3.1.4 does not verify that certain URLs are valid before navigating to them.
|
|||||
| CVE-2021-41180 | 1 Nextcloud | 1 Talk | 2024-11-21 | 4.0 MEDIUM | 4.7 MEDIUM |
|
Nextcloud talk is a self hosting messaging service. In versions prior 12.1.2 an attacker is able to control the link of a geolocation preview in the Nextcloud Talk application due to a lack of validation on the link. This could result in an open-redirect, but required user interaction. This only affected users of the Android Talk client. It is recommended that the Nextcloud Talk App is upgraded to 12.1.2. There are no known workarounds.
|
|||||
| CVE-2021-40852 | 1 Tcman | 1 Gim | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
|
TCMAN GIM is affected by an open redirect vulnerability. This vulnerability allows the redirection of user navigation to pages controlled by the attacker. The exploitation of this vulnerability might allow a remote attacker to obtain information.
|
|||||
| CVE-2021-3989 | 1 Showdoc | 1 Showdoc | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
|
showdoc is vulnerable to URL Redirection to Untrusted Site
|
|||||
| CVE-2021-3851 | 1 Firefly-iii | 1 Firefly Iii | 2024-11-21 | 4.9 MEDIUM | 5.4 MEDIUM |
|
firefly-iii is vulnerable to URL Redirection to Untrusted Site
|
|||||
| CVE-2021-3829 | 1 Openwhyd | 1 Openwhyd | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
|
openwhyd is vulnerable to URL Redirection to Untrusted Site
|
|||||
| CVE-2021-3664 | 1 Url-parse Project | 1 Url-parse | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
url-parse is vulnerable to URL Redirection to Untrusted Site
|
|||||
| CVE-2021-3654 | 2 Openstack, Redhat | 2 Nova, Openstack Platform | 2024-11-21 | 4.0 MEDIUM | 6.1 MEDIUM |
|
A vulnerability was found in openstack-nova's console proxy, noVNC. By crafting a malicious URL, noVNC could be made to redirect to any desired URL.
|
|||||
| CVE-2021-3647 | 1 Uri.js Project | 1 Uri.js | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
|
URI.js is vulnerable to URL Redirection to Untrusted Site
|
|||||
| CVE-2021-3639 | 1 Uninett | 1 Mod Auth Mellon | 2024-11-21 | N/A | 6.1 MEDIUM |
|
A flaw was found in mod_auth_mellon where it does not sanitize logout URLs properly. This issue could be used by an attacker to facilitate phishing attacks by tricking users into visiting a trusted web application URL that redirects to an external and potentially malicious server. The highest threat from this liability is to confidentiality and integrity.
|
|||||
| CVE-2021-3189 | 1 Google | 1 Slashify | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
|
The slashify package 1.0.0 for Node.js allows open-redirect attacks, as demonstrated by a localhost:3000///example.com/ substring.
|
|||||
| CVE-2021-39501 | 1 Eyoucms | 1 Eyoucms | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
|
EyouCMS 1.5.4 is vulnerable to Open Redirect. An attacker can redirect a user to a malicious url via the Logout function.
|
|||||
| CVE-2021-39425 | 1 Seeddms | 1 Seeddms | 2024-11-21 | N/A | 6.1 MEDIUM |
|
SeedDMS v6.0.15 was discovered to contain an open redirect vulnerability. An attacker may exploit this vulnerability to redirect users to arbitrary web URLs by tricking the victim users to click on crafted links.
|
|||||
| CVE-2021-39191 | 3 Debian, Fedoraproject, Openidc | 3 Debian Linux, Fedora, Mod Auth Openidc | 2024-11-21 | 5.8 MEDIUM | 4.7 MEDIUM |
|
mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. In versions prior to 2.4.9.4, the 3rd-party init SSO functionality of mod_auth_openidc was reported to be vulnerable to an open redirect attack by supplying a crafted URL in the `target_link_uri` parameter. A patch in version 2.4.9.4 made it so that the `OIDCRedirectURLsAllowed` setting must be applie ...
Show More |
|||||
| CVE-2021-39112 | 1 Atlassian | 4 Data Center, Jira, Jira Data Center and 1 more | 2024-11-21 | 4.9 MEDIUM | 4.8 MEDIUM |
|
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to redirect users to a malicious URL via a reverse tabnapping vulnerability in the Project Shortcuts feature. The affected versions are before version 8.5.15, from version 8.6.0 before 8.13.7, from version 8.14.0 before 8.17.1, and from version 8.18.0 before 8.18.1.
|
|||||
| CVE-2021-38678 | 1 Qnap | 1 Qcalagent | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
|
An open redirect vulnerability has been reported to affect QNAP device running QcalAgent. If exploited, this vulnerability allows attackers to redirect users to an untrusted page that contains malware. We have already fixed this vulnerability in the following versions of QcalAgent: QcalAgent 1.1.7 and later
|
|||||
| CVE-2021-38343 | 1 Kylephillips | 1 Nested Pages | 2024-11-21 | 5.8 MEDIUM | 4.7 MEDIUM |
|
The Nested Pages WordPress plugin <= 3.1.15 was vulnerable to an Open Redirect via the `page` POST parameter in the `npBulkActions`, `npBulkEdit`, `npListingSort`, and `npCategoryFilter` `admin_post` actions.
|
|||||
| CVE-2021-38123 | 1 Microfocus | 1 Network Automation | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
|
Open Redirect vulnerability in Micro Focus Network Automation, affecting Network Automation versions 10.4x, 10.5x, 2018.05, 2018.11, 2019.05, 2020.02, 2020.08, 2020.11, 2021.05. The vulnerability could allow redirect users to malicious websites after authentication.
|
|||||
| CVE-2021-37746 | 3 Claws-mail, Fedoraproject, Sylpheed Project | 3 Claws-mail, Fedora, Sylpheed | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
|
textview_uri_security_check in textview.c in Claws Mail before 3.18.0, and Sylpheed through 3.7.0, does not have sufficient link checks before accepting a click.
|
|||||
| CVE-2021-37699 | 1 Vercel | 1 Next.js | 2024-11-21 | 5.8 MEDIUM | 6.9 MEDIUM |
|
Next.js is an open source website development framework to be used with the React library. In affected versions specially encoded paths could be used when pages/_error.js was statically generated allowing an open redirect to occur to an external site. In general, this redirect does not directly harm users although can allow for phishing attacks by redirecting to an attacker's domain from a trusted domain. We recommend everyone to upgrade regardless of whether you can reproduce the issue or not. ...
Show More |
|||||
| CVE-2021-37352 | 1 Nagios | 1 Nagios Xi | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
|
An open redirect vulnerability exists in Nagios XI before version 5.8.5 that could lead to spoofing. To exploit the vulnerability, an attacker could send a link that has a specially crafted URL and convince the user to click the link.
|
|||||
| CVE-2021-36580 | 1 Icewarp | 2 Icewarp Server, Mail Server | 2024-11-21 | N/A | 6.1 MEDIUM |
|
Open Redirect vulnerability exists in IceWarp MailServer IceWarp Server Deep Castle 2 Update 1 (13.0.1.2) via the referer parameter.
|
|||||
| CVE-2021-36332 | 1 Dell | 1 Emc Cloud Link | 2024-11-21 | 4.9 MEDIUM | 5.4 MEDIUM |
|
Dell EMC CloudLink 7.1 and all prior versions contain a HTML and Javascript Injection Vulnerability. A remote low privileged attacker, may potentially exploit this vulnerability, directing end user to arbitrary and potentially malicious websites.
|
|||||
| CVE-2021-36191 | 1 Fortinet | 1 Fortiweb | 2024-11-21 | 4.9 MEDIUM | 4.1 MEDIUM |
|
A url redirection to untrusted site ('open redirect') in Fortinet FortiWeb version 6.4.1 and below, 6.3.15 and below allows attacker to use the device as proxy via crafted GET parameters in requests to error handlers
|
|||||
| CVE-2021-35966 | 1 Learningdigital | 1 Orca Hcm | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
|
The specific function of the Orca HCM digital learning platform does not filter input parameters properly, which causing the URL can be redirected to any website. Remote attackers can use the vulnerability to execute phishing attacks.
|
|||||
| CVE-2021-35206 | 1 Gitpod | 1 Gitpod | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
|
Gitpod before 0.6.0 allows unvalidated redirects.
|
|||||
| CVE-2021-35205 | 1 Netscout | 1 Ngeniusone | 2024-11-21 | 4.9 MEDIUM | 5.4 MEDIUM |
|
NETSCOUT Systems nGeniusONE version 6.3.0 build 1196 allows URL redirection in redirector.
|
|||||
| CVE-2021-35037 | 1 Jamf | 1 Jamf | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
|
Jamf Pro before 10.30.1 allows for an unvalidated URL redirect vulnerability affecting Jamf Pro customers who host their environments on-premises. An attacker may craft a URL that appears to be for a customer's Jamf Pro instance, but when clicked will forward a user to an arbitrary URL that may be malicious. This is tracked via Jamf with the following ID: PI-009822
|
|||||
| CVE-2021-34807 | 1 Zimbra | 1 Collaboration | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
|
An open redirect vulnerability exists in the /preauth Servlet in Zimbra Collaboration Suite through 9.0. To exploit the vulnerability, an attacker would need to have obtained a valid zimbra auth token or a valid preauth token. Once the token is obtained, an attacker could redirect a user to any URL via isredirect=1&redirectURL= in conjunction with the token data (e.g., a valid authtoken= value).
|
|||||
| CVE-2021-34772 | 1 Cisco | 1 Orbital | 2024-11-21 | 5.8 MEDIUM | 4.7 MEDIUM |
|
A vulnerability in the web-based management interface of Cisco Orbital could allow an unauthenticated, remote attacker to redirect users to a malicious webpage. This vulnerability is due to improper validation of URL paths in the web-based management interface. An attacker could exploit this vulnerability by persuading a user to click a crafted URL. A successful exploit could allow the attacker to redirect a user to a malicious website. This vulnerability, known as an open redirect attack, is us ...
Show More |
|||||
| CVE-2021-34764 | 1 Cisco | 3 Firepower Management Center Virtual Appliance, Firepower Threat Defense, Sourcefire Defense Center | 2024-11-21 | 5.8 MEDIUM | 4.8 MEDIUM |
|
Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an attacker to execute a cross-site scripting (XSS) attack or an open redirect attack. For more information about these vulnerabilities, see the Details section of this advisory.
|
|||||
| CVE-2021-34763 | 1 Cisco | 3 Firepower Management Center Virtual Appliance, Firepower Threat Defense, Sourcefire Defense Center | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an attacker to execute a cross-site scripting (XSS) attack or an open redirect attack. For more information about these vulnerabilities, see the Details section of this advisory.
|
|||||
| CVE-2021-34254 | 1 Umbraco | 1 Umbraco Cms | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
|
Umbraco CMS before 7.15.7 is vulnerable to Open Redirection due to insufficient url sanitization on booting.aspx.
|
|||||
| CVE-2021-33707 | 1 Sap | 1 Netweaver Knowledge Management | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
|
SAP NetWeaver Knowledge Management allows remote attackers to redirect users to arbitrary websites and conduct phishing attacks via a URL stored in a component. This could enable the attacker to compromise the user's confidentiality and integrity.
|
|||||
| CVE-2021-32956 | 1 Advantech | 1 Webaccess\/scada | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
|
Advantech WebAccess/SCADA Versions 9.0.1 and prior is vulnerable to redirection, which may allow an attacker to send a maliciously crafted URL that could result in redirecting a user to a malicious webpage.
|
|||||
| CVE-2021-32806 | 1 Plone | 1 Isurlinportal | 2024-11-21 | 5.8 MEDIUM | 6.5 MEDIUM |
|
Products.isurlinportal is a replacement for isURLInPortal method in Plone. Versions of Products.isurlinportal prior to 1.2.0 have an Open Redirect vulnerability. Various parts of Plone use the 'is url in portal' check for security, mostly to see if it is safe to redirect to a url. A url like `https://example.org` is not in the portal. The url `https:example.org` without slashes is considered to be in the portal. When redirecting, some browsers go to `https://example.org`, others give an error. A ...
Show More |
|||||
| CVE-2021-32786 | 3 Apache, Fedoraproject, Openidc | 3 Http Server, Fedora, Mod Auth Openidc | 2024-11-21 | 5.8 MEDIUM | 4.7 MEDIUM |
|
mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. In versions prior to 2.4.9, `oidc_validate_redirect_url()` does not parse URLs the same way as most browsers do. As a result, this function can be bypassed and leads to an Open Redirect vulnerability in the logout functionality. This bug has been fixed in version 2.4.9 by replacing any backslash of th ...
Show More |
|||||
| CVE-2021-32721 | 1 Powermux Project | 1 Powermux | 2024-11-21 | 5.8 MEDIUM | 4.7 MEDIUM |
|
PowerMux is a drop-in replacement for Go's http.ServeMux. In PowerMux versions prior to 1.1.1, attackers may be able to craft phishing links and other open redirects by exploiting the trailing slash redirection feature. This may lead to users being redirected to untrusted sites after following an attacker crafted link. The issue is resolved in v1.1.1. There are no existing workarounds.
|
|||||
| CVE-2021-32645 | 1 Tenancy | 1 Multi-tenant | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
|
Tenancy multi-tenant is an open source multi-domain controller for the Laravel web framework. In some situations, it is possible to have open redirects where users can be redirected from your site to any other site using a specially crafted URL. This is only the case for installations where the default Hostname Identification is used and the environment uses tenants that have `force_https` set to `true` (default: `false`). Version 5.7.2 contains the relevant patches to fix this bug. Stripping th ...
Show More |
|||||