Total
1377 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-14454 | 1 Mattermost | 1 Mattermost Desktop | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
|
An issue was discovered in Mattermost Desktop App before 4.4.0. Attackers can open web pages in the desktop application because server redirection is mishandled, aka MMSA-2020-0008.
|
|||||
| CVE-2020-14446 | 1 Wso2 | 2 Identity Server, Identity Server As Key Manager | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
|
An issue was discovered in WSO2 Identity Server through 5.10.0 and WSO2 IS as Key Manager through 5.10.0. An open redirect exists.
|
|||||
| CVE-2020-14118 | 1 Mi | 1 Mi App Store | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
|
An intent redirection vulnerability in the Mi App Store product. This vulnerability is caused by the Mi App Store does not verify the validity of the incoming data, can cause the app store to automatically download and install apps.
|
|||||
| CVE-2020-13662 | 1 Drupal | 1 Drupal | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
|
Open Redirect vulnerability in Drupal Core allows a user to be tricked into visiting a specially crafted link which would redirect them to an arbitrary external URL. This issue affects: Drupal Drupal Core 7 version 7.70 and prior versions.
|
|||||
| CVE-2020-13565 | 2 Open-emr, Phpgacl Project | 2 Openemr, Phpgacl | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
|
An open redirect vulnerability exists in the return_page redirection functionality of phpGACL 3.3.7, OpenEMR 5.0.2 and OpenEMR development version 6.0.0 (commit babec93f600ff1394f91ccd512bcad85832eb6ce). A specially crafted HTTP request can redirect users to an arbitrary URL. An attacker can provide a crafted URL to trigger this vulnerability.
|
|||||
| CVE-2020-13486 | 1 Verbb | 1 Knock Knock | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
|
The Knock Knock plugin before 1.2.8 for Craft CMS allows malicious redirection.
|
|||||
| CVE-2020-13121 | 1 Rcos | 1 Submitty | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
|
Submitty through 20.04.01 has an open redirect via authentication/login?old= during an invalid login attempt.
|
|||||
| CVE-2020-12699 | 1 Dkd | 1 Direct Mail | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
|
The direct_mail extension through 5.2.3 for TYPO3 has an Open Redirect via jumpUrl.
|
|||||
| CVE-2020-12666 | 2 Fedoraproject, Go-macaron | 2 Fedora, Macaron | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
|
macaron before 1.3.7 has an open redirect in the static handler, as demonstrated by the http://127.0.0.1:4000//example.com/ URL.
|
|||||
| CVE-2020-12483 | 1 Vivo | 1 Appstore | 2024-11-21 | 5.8 MEDIUM | 8.2 HIGH |
|
The appstore before 8.12.0.0 exposes some of its components, and the attacker can cause remote download and install apps through carefully constructed parameters.
|
|||||
| CVE-2020-12283 | 1 Sourcegraph | 1 Sourcegraph | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
|
Sourcegraph before 3.15.1 has a vulnerable authentication workflow because of improper validation in the SafeRedirectURL method in cmd/frontend/auth/redirect.go, such as for the //foo//example.com substring.
|
|||||
| CVE-2020-11882 | 1 Telefonica | 1 O2 Business | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
|
The O2 Business application 1.2.0 for Android exposes the canvasm.myo2.SplashActivity activity to other applications. The purpose of this activity is to handle deeplinks that can be delivered either via links or by directly calling the activity. However, the deeplink format is not properly validated. This can be abused by an attacker to redirect a user to any page and deliver any content to the user.
|
|||||
| CVE-2020-11665 | 1 Broadcom | 1 Ca Api Developer Portal | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
|
CA API Developer Portal 4.3.1 and earlier handles loginRedirect page redirects in an insecure manner, which allows attackers to perform open redirect attacks.
|
|||||
| CVE-2020-11664 | 1 Broadcom | 1 Ca Api Developer Portal | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
|
CA API Developer Portal 4.3.1 and earlier handles homeRedirect page redirects in an insecure manner, which allows attackers to perform open redirect attacks.
|
|||||
| CVE-2020-11663 | 1 Broadcom | 1 Ca Api Developer Portal | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
|
CA API Developer Portal 4.3.1 and earlier handles 404 requests in an insecure manner, which allows attackers to perform open redirect attacks.
|
|||||
| CVE-2020-11611 | 1 Cross Domain Local Storage Project | 1 Cross Domain Local Storage | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
|
An issue was discovered in xdLocalStorage through 2.0.5. The buildMessage() function in xdLocalStorage.js specifies the wildcard (*) as the targetOrigin when calling the postMessage() function on the iframe object. Therefore any domain that is currently loaded within the iframe can receive the messages that the client sends.
|
|||||
| CVE-2020-11529 | 1 Getgrav | 1 Grav | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
|
Common/Grav.php in Grav before 1.7 has an Open Redirect. This is partially fixed in 1.6.23 and still present in 1.6.x.
|
|||||
| CVE-2020-11515 | 1 Rankmath | 1 Seo | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
|
The Rank Math plugin through 1.0.40.2 for WordPress allows unauthenticated remote attackers to create new URIs (that redirect to an external web site) via the unsecured rankmath/v1/updateRedirection REST API endpoint. In other words, this is not an "Open Redirect" issue; instead, it allows the attacker to create a new URI with an arbitrary name (e.g., the /exampleredirect URI).
|
|||||
| CVE-2020-11053 | 1 Oauth2 Proxy Project | 1 Oauth2 Proxy | 2024-11-21 | 5.8 MEDIUM | 7.1 HIGH |
|
In OAuth2 Proxy before 5.1.1, there is an open redirect vulnerability. Users can provide a redirect address for the proxy to send the authenticated user to at the end of the authentication flow. This is expected to be the original URL that the user was trying to access. This redirect URL is checked within the proxy and validated before redirecting the user to prevent malicious actors providing redirects to potentially harmful sites. However, by crafting a redirect URL with HTML encoded whitespac ...
Show More |
|||||
| CVE-2020-11034 | 1 Glpi-project | 1 Glpi | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
|
In GLPI before version 9.4.6, there is a vulnerability that allows bypassing the open redirect protection based which is based on a regexp. This is fixed in version 9.4.6.
|
|||||
| CVE-2020-10959 | 1 Mediawiki | 1 Mediawiki | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
|
resources/src/mediawiki.page.ready/ready.js in MediaWiki before 1.35 allows remote attackers to force a logout and external redirection via HTML content in a MediaWiki page.
|
|||||
| CVE-2020-10775 | 2 Oracle, Redhat | 2 Virtualization, Ovirt-engine | 2024-11-21 | 2.6 LOW | 5.3 MEDIUM |
|
An Open redirect vulnerability was found in ovirt-engine versions 4.4 and earlier, where it allows remote attackers to redirect users to arbitrary web sites and attempt phishing attacks. Once the target has opened the malicious URL in their browser, the critical part of the URL is no longer visible. The highest threat from this vulnerability is on confidentiality.
|
|||||
| CVE-2019-9915 | 1 Get-simple. | 1 Getsimplecms | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
|
GetSimpleCMS 3.3.13 has an Open Redirect via the admin/index.php redirect parameter.
|
|||||
| CVE-2019-9837 | 1 Openid | 1 Openid Connect | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
|
Doorkeeper::OpenidConnect (aka the OpenID Connect extension for Doorkeeper) 1.4.x and 1.5.x before 1.5.4 has an open redirect via the redirect_uri field in an OAuth authorization request (that results in an error response) with the 'openid' scope and a prompt=none value. This allows phishing attacks against the authorization flow.
|
|||||
| CVE-2019-9140 | 1 Happypointcard | 1 Happypoint | 2024-11-21 | 5.8 MEDIUM | 8.1 HIGH |
|
When processing Deeplink scheme, Happypoint mobile app 6.3.19 and earlier versions doesn't check Deeplink URL correctly. This could lead to javascript code execution, url redirection, sensitive information disclosure. An attacker can exploit this issue by enticing an unsuspecting user to open a specific malicious URL.
|
|||||
| CVE-2019-8995 | 1 Tibco | 2 Activematrix Bpm, Silver Fabric Enabler | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
|
The workspace client, openspace client, and app development client of TIBCO Software Inc.'s TIBCO ActiveMatrix BPM, TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric, and TIBCO Silver Fabric Enabler for ActiveMatrix BPM contain a vulnerability wherein a malicious URL could trick a user into visiting a website of the attacker's choice. Affected releases are TIBCO Software Inc.'s TIBCO ActiveMatrix BPM: versions up to and including 4.2.0, TIBCO ActiveMatrix BPM Distribution for TIBCO Sil ...
Show More |
|||||
| CVE-2019-8951 | 1 Bosch | 6 Divar Ip 2000, Divar Ip 2000 Firmware, Divar Ip 5000 and 3 more | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
|
An Open Redirect vulnerability located in the webserver affects several Bosch hardware and software products. The vulnerability potentially allows a remote attacker to redirect users to an arbitrary URL. Affected hardware products: Bosch DIVAR IP 2000 (vulnerable versions: 3.10; 3.20; 3.21; 3.50; 3.51; 3.55; 3.60; 3.61; 3.62; fixed versions: 3.62.0019 and newer), Bosch DIVAR IP 5000 (vulnerable versions: 3.10; 3.20; 3.21; 3.50; 3.51; 3.55; 3.60; 3.61; 3.62; fixed versions: 3.80.0033 and newer). ...
Show More |
|||||
| CVE-2019-8791 | 1 Apple | 1 Shazam | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
|
An issue existed in the parsing of URL schemes. This issue was addressed with improved URL validation. This issue is fixed in Shazam Android App Version 9.25.0, Shazam iOS App Version 12.11.0. Processing a maliciously crafted URL may lead to an open redirect.
|
|||||
| CVE-2019-7416 | 1 Opentext | 1 Documentum Webtop | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
XSS and/or a Client Side URL Redirect exists in OpenText Documentum Webtop 5.3 SP2. The parameter startat in "/webtop/help/en/default.htm" is vulnerable.
|
|||||
| CVE-2019-7275 | 1 Optergy | 2 Enterprise, Proton | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
|
Optergy Proton/Enterprise devices allow Open Redirect.
|
|||||
| CVE-2019-6780 | 1 Kaine | 1 Wise Chat | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
|
The Wise Chat plugin before 2.7 for WordPress mishandles external links because rendering/filters/post/WiseChatLinksPostFilter.php omits noopener and noreferrer.
|
|||||
| CVE-2019-6741 | 1 Samsung | 2 Galaxy S9, Galaxy S9 Firmware | 2024-11-21 | 5.8 MEDIUM | 9.3 CRITICAL |
|
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Samsung Galaxy S9 prior to January 2019 Security Update (SMR-JAN-2019 - SVE-2018-13467). User interaction is required to exploit this vulnerability in that the target must connect to a wireless network. The specific flaw exists within the captive portal. By manipulating HTML, an attacker can force a page redirection. An attacker can leverage this vulnerability to execute code in the context of the ...
Show More |
|||||
| CVE-2019-6696 | 1 Fortinet | 1 Fortios | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
|
An improper input validation vulnerability in FortiOS 6.2.1, 6.2.0, 6.0.8 and below until 5.4.0 under admin webUI may allow an attacker to perform an URL redirect attack via a specifically crafted request to the admin initial password change webpage.
|
|||||
| CVE-2019-6035 | 1 Yahoo | 1 Athenz | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
|
Open redirect vulnerability in Athenz v1.8.24 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a specially crafted page.
|
|||||
| CVE-2019-6025 | 1 Sixapart | 1 Movable Type | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
|
Open redirect vulnerability in Movable Type series Movable Type 7 r.4602 (7.1.3) and earlier (Movable Type 7), Movable Type 6.5.0 and 6.5.1 (Movable Type 6.5), Movable Type 6.3.9 and earlier (Movable Type 6.3.x, 6.2.x, 6.1.x, 6.0.x), Movable Type Advanced 7 r.4602 (7.1.3) and earlier (Movable Type 7), Movable Type Advanced 6.5.0 and 6.5.1 (Movable Type 6.5), Movable Type Advanced 6.3.9 and earlier (Movable Type 6.3.x, 6.2.x, 6.1.x, 6.0.x), Movable Type Premium 1.24 and earlier (Movable Type Prem ...
Show More |
|||||
| CVE-2019-6021 | 1 Ricoh | 1 Limedio | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
|
Open redirect vulnerability in Library Information Management System LIMEDIO all versions allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a specially crafted URL.
|
|||||
| CVE-2019-6020 | 1 Alfasado | 1 Powercms | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
|
Open redirect vulnerability in PowerCMS 5.12 and earlier (PowerCMS 5.x), 4.42 and earlier (PowerCMS 4.x), and 3.293 and earlier (PowerCMS 3.x) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a specially crafted URL.
|
|||||
| CVE-2019-6009 | 1 Ss-proj | 1 Shirasagi | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
|
Open redirect vulnerability in SHIRASAGI v1.7.0 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
|
|||||
| CVE-2019-6004 | 1 Fujixerox | 2 Apeosware Management Suite, Apeosware Management Suite 2 | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
|
Open redirect vulnerability in ApeosWare Management Suite Ver.1.4.0.18 and earlier, and ApeosWare Management Suite 2 Ver.2.1.2.4 and earlier allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
|
|||||
| CVE-2019-5978 | 1 Cybozu | 1 Garoon | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
|
Open redirect vulnerability in Cybozu Garoon 4.0.0 to 4.10.2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the application 'Scheduler'.
|
|||||