Total: 742 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-24735 | 1 Pmb Project | 1 Pmb | 2023-03-13 | N/A | 6.1 MEDIUM |
PMB v7.4.6 was discovered to contain an open redirect vulnerability via the component /opac_css/pmb.php. This vulnerability allows attackers to redirect victim users to an external domain via a crafted URL. | |||||
CVE-2019-13038 | 4 Canonical, Fedoraproject, Mod Auth Mellon Project and 1 more | 4 Ubuntu Linux, Fedora, Mod Auth Mellon and 1 more | 2023-03-12 | 4.3 MEDIUM | 6.1 MEDIUM |
mod_auth_mellon through 0.14.2 has an Open Redirect via the login?ReturnTo= substring, as demonstrated by omitting the // after http: in the target URL. | |||||
CVE-2022-29718 | 1 Caddyserver | 1 Caddy | 2023-03-09 | 5.8 MEDIUM | 6.1 MEDIUM |
Caddy v2.4 was discovered to contain an open redirect vulnerability. A remote unauthenticated attacker may exploit this vulnerability to redirect users to arbitrary web URLs by tricking the victim users to click on crafted links. | |||||
CVE-2020-36663 | 1 Seotool Project | 1 Seotool | 2023-03-09 | N/A | 6.1 MEDIUM |
A vulnerability, which was classified as problematic, was found in Artesãos SEOTools up to 0.17.1. This affects the function makeTag of the file OpenGraph.php. The manipulation of the argument value leads to open redirect. Upgrading to version 0.17.2 is able to address this issue. The name of the patch is ca27cd0edf917e0bc805227013859b8b5a1f01fb. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-222231. | |||||
CVE-2020-36664 | 1 Seotool Project | 1 Seotool | 2023-03-09 | N/A | 6.1 MEDIUM |
A vulnerability has been found in Artesãos SEOTools up to 0.17.1 and classified as problematic. This vulnerability affects the function setTitle of the file SEOMeta.php. The manipulation of the argument title leads to open redirect. Upgrading to version 0.17.2 is able to address this issue. The name of the patch is ca27cd0edf917e0bc805227013859b8b5a1f01fb. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-222232. | |||||
CVE-2020-36665 | 1 Seotool Project | 1 Seotool | 2023-03-09 | N/A | 6.1 MEDIUM |
A vulnerability was found in Artesãos SEOTools up to 0.17.1 and classified as critical. This issue affects the function eachValue of the file TwitterCards.php. The manipulation of the argument value leads to open redirect. Upgrading to version 0.17.2 is able to address this issue. The name of the patch is ca27cd0edf917e0bc805227013859b8b5a1f01fb. It is recommended to upgrade the affected component. The identifier VDB-222233 was assigned to this vulnerability. | |||||
CVE-2023-27292 | 1 Opencats | 1 Opencats | 2023-03-03 | N/A | 5.4 MEDIUM |
An open redirect vulnerability exposes OpenCATS to template injection due to improper validation of user-supplied GET parameters. | |||||
CVE-2023-0552 | 1 Genetechsolutions | 1 Pie Register | 2023-03-03 | N/A | 5.4 MEDIUM |
The Registration Forms WordPress plugin before 3.8.2.3 does not properly validate the redirection URL when logging in and logging out, leading to an Open Redirect vulnerability. | |||||
CVE-2019-10372 | 1 Jenkins | 1 Gitlab Oauth | 2023-03-03 | 5.8 MEDIUM | 6.1 MEDIUM |
An open redirect vulnerability in Jenkins Gitlab Authentication Plugin 1.4 and earlier in GitLabSecurityRealm.java allows attackers to redirect users to a URL outside Jenkins after successful login. | |||||
CVE-2022-46784 | 1 Squaredup | 1 Dashboard Server | 2023-03-03 | N/A | 6.1 MEDIUM |
SquaredUp Dashboard Server SCOM edition before 5.7.1 GA allows open redirection. (The issue was originally found in 5.5.1 GA.) | |||||
CVE-2022-38779 | 1 Elastic | 1 Kibana | 2023-03-03 | N/A | 6.1 MEDIUM |
An open redirect issue was discovered in Kibana that could lead to a user being redirected to an arbitrary website if they use a maliciously crafted Kibana URL. | |||||
CVE-2022-41215 | 1 Sap | 1 Netweaver Application Server Abap | 2023-03-01 | N/A | 4.7 MEDIUM |
SAP NetWeaver ABAP Server and ABAP Platform allows an unauthenticated attacker to redirect users to a malicious site due to insufficient URL validation. This could lead to the user being tricked to disclose personal information. | |||||
CVE-2023-24044 | 1 Plesk | 1 Obsidian | 2023-02-28 | N/A | 6.1 MEDIUM |
** DISPUTED ** A Host Header Injection issue on the Login page of Plesk Obsidian through 18.0.49 allows attackers to redirect users to malicious websites via a Host request header. NOTE: the vendor's position is "the ability to use arbitrary domain names to access the panel is an intended feature." | |||||
CVE-2022-0637 | 1 Mozilla | 1 Pollbot | 2023-02-28 | N/A | 6.1 MEDIUM |
There was an open redirection vulnerability in pollbot, which was used in https://pollbot.services.mozilla.com/ and https://pollbot.stage.mozaws.net/. An attacker could have redirected anyone to malicious sites. | |||||
CVE-2020-4048 | 3 Debian, Fedoraproject, Wordpress | 3 Debian Linux, Fedora, Wordpress | 2023-02-27 | 4.9 MEDIUM | 5.7 MEDIUM |
In affected versions of WordPress, due to an issue in wp_validate_redirect() and URL sanitization, an arbitrary external link can be crafted leading to unintended/open redirect when clicked. This has been patched in version 5.4.2, along with all the previously affected versions via a minor release (5.3.4, 5.2.7, 5.1.6, 5.0.10, 4.9.15, 4.8.14, 4.7.18, 4.6.19, 4.5.22, 4.4.23, 4.3.24, 4.2.28, 4.1.31, 4.0.31, 3.9.32, 3.8.34, 3.7.34). | |||||
CVE-2021-3664 | 1 Url-parse Project | 1 Url-parse | 2023-02-22 | 5.0 MEDIUM | 5.3 MEDIUM |
url-parse is vulnerable to URL Redirection to Untrusted Site | |||||
CVE-2023-23860 | 1 Sap | 1 Netweaver Application Server Abap | 2023-02-21 | N/A | 6.1 MEDIUM |
SAP NetWeaver AS for ABAP and ABAP Platform - versions 740, 750, 751, 752, 753, 754, 755, 756, 757, 789, 790, allows an unauthenticated attacker to craft a link, which when clicked by an unsuspecting user can be used to redirect a user to a malicious site which could read or modify some sensitive information or expose the victim to a phishing attack. | |||||
CVE-2023-23855 | 1 Sap | 1 Solution Manager | 2023-02-21 | N/A | 5.4 MEDIUM |
SAP Solution Manager - version 720, allows an authenticated attacker to redirect users to a malicious site due to insufficient URL validation. A successful attack could lead an attacker to read or modify the information or expose the user to a phishing attack. As a result, it has a low impact to confidentiality, integrity and availability. | |||||
CVE-2023-23853 | 1 Sap | 1 Netweaver Application Server Abap | 2023-02-21 | N/A | 6.1 MEDIUM |
An unauthenticated attacker in SAP NetWeaver Application Server for ABAP and ABAP Platform - versions 700, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 789, 790, can craft a link which when clicked by an unsuspecting user can be used to redirect a user to a malicious site which could read or modify some sensitive information or expose the victim to a phishing attack. Vulnerability has no direct impact on availability. | |||||
CVE-2022-38657 | 1 Hcltech | 1 Hcl Leap | 2023-02-21 | N/A | 5.4 MEDIUM |
An open redirect to malicious sites can occur when accessing the "Feedback" action on the manager page. |