Total
742 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-24210 | 1 Kiboit | 1 Phastpress | 2021-04-12 | 5.8 MEDIUM | 6.1 MEDIUM |
| There is an open redirect in the PhastPress WordPress plugin before 1.111 that allows an attacker to malform a request to a page with the plugin and then redirect the victim to a malicious page. There is also a support comment from another user one year ago (https://wordpress.org/support/topic/phast-php-used-for-remote-fetch/) that says that the php involved in the request only go to whitelisted pages but it's possible to redirect the victim to any domain. | |||||
| CVE-2021-24165 | 1 Ninjaforms | 1 Ninja Forms | 2021-04-09 | 5.8 MEDIUM | 6.1 MEDIUM |
| In the Ninja Forms Contact Form WordPress plugin before 3.4.34, the wp_ajax_nf_oauth_connect AJAX action was vulnerable to open redirect due to the use of a user supplied redirect parameter and no protection in place. | |||||
| CVE-2020-9995 | 1 Apple | 1 Macos Server | 2021-04-07 | 5.8 MEDIUM | 6.1 MEDIUM |
| An issue existed in the parsing of URLs. This issue was addressed with improved input validation. This issue is fixed in macOS Server 5.11. Processing a maliciously crafted URL may lead to an open redirect or cross site scripting. | |||||
| CVE-2021-29652 | 1 Pomerium | 1 Pomerium | 2021-04-06 | 5.8 MEDIUM | 6.1 MEDIUM |
| Pomerium from version 0.10.0-0.13.3 has an Open Redirect in the user sign-in/out process | |||||
| CVE-2021-29651 | 1 Pomerium | 1 Pomerium | 2021-04-06 | 5.8 MEDIUM | 6.1 MEDIUM |
| Pomerium before 0.13.4 has an Open Redirect (issue 1 of 2). | |||||
| CVE-2020-24550 | 1 Episerver | 1 Find | 2021-04-05 | 5.8 MEDIUM | 6.1 MEDIUM |
| An Open Redirect vulnerability in EpiServer Find before 13.2.7 allows an attacker to redirect users to untrusted websites via the _t_redirect parameter in a crafted URL, such as a /find_v2/_click URL. | |||||
| CVE-2021-21476 | 1 Sap | 1 Ui5 | 2021-04-01 | 5.8 MEDIUM | 6.1 MEDIUM |
| SAP UI5 versions before 1.38.49, 1.52.49, 1.60.34, 1.71.31, 1.78.18, 1.84.5, 1.85.4, 1.86.1 allows an unauthenticated attacker to redirect users to a malicious site due to Reverse Tabnabbing vulnerabilities. | |||||
| CVE-2021-21377 | 1 Openmicroscopy | 1 Omero.web | 2021-03-26 | 4.9 MEDIUM | 5.4 MEDIUM |
| OMERO.web is open source Django-based software for managing microscopy imaging. OMERO.web before version 5.9.0 supports redirection to a given URL after performing login or switching the group context. These URLs are not validated, allowing redirection to untrusted sites. OMERO.web 5.9.0 adds URL validation before redirecting. External URLs are not considered valid, unless specified in the omero.web.redirect_allowed_hosts setting. | |||||
| CVE-2020-12483 | 1 Vivo | 1 Appstore | 2021-03-26 | 5.8 MEDIUM | 6.1 MEDIUM |
| The appstore before 8.12.0.0 exposes some of its components, and the attacker can cause remote download and install apps through carefully constructed parameters. | |||||
| CVE-2021-21338 | 1 Typo3 | 1 Typo3 | 2021-03-26 | 5.8 MEDIUM | 6.1 MEDIUM |
| TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 6.2.57, 7.6.51, 8.7.40, 9.5.25, 10.4.14, 11.1.1 it has been discovered that Login Handling is susceptible to open redirection which allows attackers redirecting to arbitrary content, and conducting phishing attacks. No authentication is required in order to exploit this vulnerability. This is fixed in versions 6.2.57, 7.6.51, 8.7.40, 9.5.25, 10.4.14, 11.1.1. | |||||
| CVE-2021-21491 | 1 Sap | 1 Netweaver Application Server Java | 2021-03-17 | 5.8 MEDIUM | 6.1 MEDIUM |
| SAP Netweaver Application Server Java (Applications based on WebDynpro Java) versions 7.00, 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allow an attacker to redirect users to a malicious site due to Reverse Tabnabbing vulnerabilities. | |||||
| CVE-2020-28150 | 1 Inetsoftware | 1 I-net Clear Reports | 2021-03-12 | 5.8 MEDIUM | 6.1 MEDIUM |
| I-Net Software Clear Reports 20.10.136 web application accepts a user-controlled input that specifies a link to an external site, and uses the user supplied data in a Redirect. | |||||
| CVE-2021-21354 | 1 Mozilla | 1 Pollbot | 2021-03-12 | 5.8 MEDIUM | 6.1 MEDIUM |
| Pollbot is open source software which "frees its human masters from the toilsome task of polling for the state of things during the Firefox release process." In Pollbot before version 1.4.4 there is an open redirection vulnerability in the path of "https://pollbot.services.mozilla.com/". An attacker can redirect anyone to malicious sites. To Reproduce type in this URL: "https://pollbot.services.mozilla.com//evil.com/". Affected versions will redirect to that website when you inject a payload like "//evil.com/". This is fixed in version 1.4.4. | |||||
| CVE-2020-29565 | 2 Debian, Openstack | 2 Debian Linux, Horizon | 2021-03-09 | 5.8 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in OpenStack Horizon before 15.3.2, 16.x before 16.2.1, 17.x and 18.x before 18.3.3, 18.4.x, and 18.5.x. There is a lack of validation of the "next" parameter, which would allow someone to supply a malicious URL in Horizon that can cause an automatic redirect to the provided malicious URL. | |||||
| CVE-2020-12283 | 1 Sourcegraph | 1 Sourcegraph | 2021-03-04 | 5.8 MEDIUM | 6.1 MEDIUM |
| Sourcegraph before 3.15.1 has a vulnerable authentication workflow because of improper validation in the SafeRedirectURL method in cmd/frontend/auth/redirect.go, such as for the //foo//example.com substring. | |||||
| CVE-2021-27404 | 1 Asus | 2 Askey Rtf8115vw, Askey Rtf8115vw Firmware | 2021-02-25 | 5.8 MEDIUM | 6.1 MEDIUM |
| Askey RTF8115VW BR_SV_g11.11_RTF_TEF001_V6.54_V014 devices allow injection of a Host HTTP header. | |||||
| CVE-2020-35560 | 1 Mbconnectline | 2 Mbconnect24, Mymbconnect24 | 2021-02-19 | 5.8 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. There is an unauthenticated open redirect in the redirect.php. | |||||
| CVE-2021-22984 | 1 F5 | 2 Big-ip Advanced Web Application Firewall, Big-ip Application Security Manager | 2021-02-18 | 5.8 MEDIUM | 6.1 MEDIUM |
| On BIG-IP Advanced WAF and ASM version 15.1.x before 15.1.0.2, 15.0.x before 15.0.1.4, 14.1.x before 14.1.2.5, 13.1.x before 13.1.3.4, 12.1.x before 12.1.5.2, and 11.6.x before 11.6.5.2, when receiving a unauthenticated client request with a maliciously crafted URI, a BIG-IP Advanced WAF or ASM virtual server configured with a DoS profile with Proactive Bot Defense (versions prior to 14.1.0), or a Bot Defense profile (versions 14.1.0 and later), may subject clients and web servers to Open Redirection attacks. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated. | |||||
| CVE-2020-22840 | 1 B2evolution | 1 B2evolution | 2021-02-17 | 5.8 MEDIUM | 6.1 MEDIUM |
| Open redirect vulnerability in b2evolution CMS version prior to 6.11.6 allows an attacker to perform malicious open redirects to an attacker controlled resource via redirect_to parameter in email_passthrough.php. | |||||
| CVE-2021-21478 | 1 Sap | 1 Web Dynpro Abap | 2021-02-16 | 5.8 MEDIUM | 6.1 MEDIUM |
| SAP Web Dynpro ABAP allow an attacker to redirect users to a malicious site due to Reverse Tabnabbing vulnerabilities. | |||||