Total
742 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-24739 | 1 Alltube Project | 1 Alltube | 2022-03-14 | 4.0 MEDIUM | 6.1 MEDIUM |
alltube is an HTML front end for youtube-dl. On releases prior to 3.0.3, an attacker could craft a special HTML page to trigger either an open redirect attack or a Server-Side Request Forgery attack (depending on how AllTube is configured). The impact is mitigated by the fact that the SSRF attack is only possible when the `stream` option is enabled in the configuration. (This option is disabled by default.) 3.0.3 contains a fix for this vulnerability. | |||||
CVE-2022-0868 | 1 Uri.js Project | 1 Uri.js | 2022-03-11 | 5.8 MEDIUM | 6.1 MEDIUM |
Open Redirect in GitHub repository medialize/uri.js prior to 1.19.10. | |||||
CVE-2022-0697 | 1 Archivy Project | 1 Archivy | 2022-03-11 | 5.8 MEDIUM | 6.1 MEDIUM |
Open Redirect in GitHub repository archivy/archivy prior to 1.7.0. | |||||
CVE-2022-0869 | 1 Spirit-project | 1 Spirit | 2022-03-11 | 5.8 MEDIUM | 6.1 MEDIUM |
Multiple Open Redirect in GitHub repository nitely/spirit prior to 0.12.3. | |||||
CVE-2021-3654 | 2 Openstack, Redhat | 2 Nova, Openstack Platform | 2022-03-10 | 4.0 MEDIUM | 6.1 MEDIUM |
A vulnerability was found in openstack-nova's console proxy, noVNC. By crafting a malicious URL, noVNC could be made to redirect to any desired URL. | |||||
CVE-2022-26158 | 1 Cherwell | 1 Cherwell Service Management | 2022-03-08 | 5.8 MEDIUM | 6.1 MEDIUM |
An issue was discovered in the web application in Cherwell Service Management (CSM) 10.2.3. It accepts and reflects arbitrary domains supplied via a client-controlled Host header. Injection of a malicious URL in the Host: header of the HTTP Request results in a 302 redirect to an attacker-controlled page. | |||||
CVE-2022-26156 | 1 Cherwell | 1 Cherwell Service Management | 2022-03-08 | 5.8 MEDIUM | 6.1 MEDIUM |
An issue was discovered in the web application in Cherwell Service Management (CSM) 10.2.3. Injection of a malicious payload within the RelayState= parameter of the HTTP request body results in the hijacking of the form action. Form-action hijacking vulnerabilities arise when an application places user-supplied input into the action URL of an HTML form. An attacker can use this vulnerability to construct a URL that, if visited by another application user, will modify the action URL of a form to point to the attacker's server. | |||||
CVE-2021-23495 | 1 Karma Project | 1 Karma | 2022-03-08 | 5.8 MEDIUM | 6.1 MEDIUM |
The package karma before 6.3.16 is vulnerable to Open Redirect due to missing validation of the `return_url` query parameter. | |||||
CVE-2021-29217 | 1 Hpe | 1 Oneview Global Dashboard | 2022-03-04 | 5.8 MEDIUM | 6.1 MEDIUM |
A remote URL redirection vulnerability was discovered in HPE OneView Global Dashboard version(s): Prior to 2.5. HPE has provided a software update to resolve this vulnerability in HPE OneView Global Dashboard. | |||||
CVE-2022-24330 | 1 Jetbrains | 1 Teamcity | 2022-03-03 | 5.8 MEDIUM | 6.1 MEDIUM |
In JetBrains TeamCity before 2021.2.1, a redirection to an external site was possible. | |||||
CVE-2009-3832 | 2 Microsoft, Opera | 2 Windows, Opera Browser | 2022-03-01 | 5.8 MEDIUM | N/A |
Opera before 10.01 on Windows does not prevent use of Web fonts in rendering the product's own user interface, which allows remote attackers to spoof the address field via a crafted web site. | |||||
CVE-2022-0692 | 1 Alltube Project | 1 Alltube | 2022-02-28 | 5.8 MEDIUM | 6.1 MEDIUM |
Open Redirect on Rudloff/alltube in Packagist rudloff/alltube prior to 3.0.1. | |||||
CVE-2005-1475 | 1 Opera | 1 Opera Browser | 2022-02-28 | 7.5 HIGH | N/A |
The XMLHttpRequest object in Opera 8.0 Final Build 1095 allows remote attackers to bypass access restrictions and perform unauthorized actions on other domains via a redirect. | |||||
CVE-2004-2260 | 1 Opera | 1 Opera Browser | 2022-02-28 | 5.0 MEDIUM | N/A |
Opera Browser 7.23, and other versions before 7.50, updates the address bar as soon as the user clicks a link, which allows remote attackers to redirect to other sites via the onUnload attribute. | |||||
CVE-2022-25196 | 1 Jenkins | 1 Gitlab Authentication | 2022-02-23 | 4.9 MEDIUM | 5.4 MEDIUM |
Jenkins GitLab Authentication Plugin 1.13 and earlier records the HTTP Referer header as part of the URL query parameters when the authentication process starts, allowing attackers with access to Jenkins to craft a URL that will redirect users to an attacker-specified URL after logging in. | |||||
CVE-2022-0597 | 1 Microweber | 1 Microweber | 2022-02-23 | 5.8 MEDIUM | 6.1 MEDIUM |
Open Redirect in Packagist microweber/microweber prior to 1.2.11. | |||||
CVE-2021-25033 | 1 Noptin | 1 Noptin | 2022-02-23 | 5.8 MEDIUM | 6.1 MEDIUM |
The WordPress Newsletter Plugin WordPress plugin before 1.6.5 does not validate the `to` parameter before redirecting the user to its given value, leading to an open redirect issue. | |||||
CVE-2022-23102 | 1 Siemens | 1 Sinema Remote Connect Server | 2022-02-18 | 5.8 MEDIUM | 6.1 MEDIUM |
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2.0). Affected products contain an open redirect vulnerability. An attacker could trick a valid authenticated user to the device into clicking a malicious link, thereby leading to phishing attacks. | |||||
CVE-2022-0560 | 1 Microweber | 1 Microweber | 2022-02-17 | 5.8 MEDIUM | 6.1 MEDIUM |
Open Redirect in Packagist microweber/microweber prior to 1.2.11. | |||||
CVE-2022-23618 | 1 Xwiki | 1 Xwiki | 2022-02-15 | 5.8 MEDIUM | 6.1 MEDIUM |
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions there is no protection against URL redirection to untrusted sites; in particular, some well-known parameters (`xredirect`) can be used to perform URL redirections. This problem has been patched in XWiki 12.10.7 and XWiki 13.3RC1. Users are advised to update. There are no known workarounds for this issue. |