Total
742 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-1020016 | 1 Ash-aio Project | 1 Ash-aio | 2019-08-01 | 5.8 MEDIUM | 6.1 MEDIUM |
| ASH-AIO before 2.0.0.3 allows an open redirect. | |||||
| CVE-2018-20867 | 1 Cpanel | 1 Cpanel | 2019-07-30 | 5.8 MEDIUM | 6.1 MEDIUM |
| cPanel before 76.0.8 has an open redirect when resetting connections (SEC-462). | |||||
| CVE-2019-14403 | 1 Cpanel | 1 Cpanel | 2019-07-30 | 4.3 MEDIUM | 4.3 MEDIUM |
| cPanel before 78.0.18 offers an open mail relay because of incorrect domain-redirect routing (SEC-483). | |||||
| CVE-2019-1010290 | 1 Cmsmadesimple | 1 Bable\ | 2019-07-19 | 5.8 MEDIUM | 6.1 MEDIUM |
| Babel: Multilingual site Babel All is affected by: Open Redirection. The impact is: Redirection to any URL, which is supplied to redirect.php in a "newurl" parameter. The component is: redirect.php. The attack vector is: The victim must open a link created by an attacker. Attacker may use any legitimate site using Babel to redirect user to a URL of his/her choosing. | |||||
| CVE-2019-1075 | 1 Microsoft | 1 Asp.net Core | 2019-07-19 | 5.8 MEDIUM | 6.1 MEDIUM |
| A spoofing vulnerability exists in ASP.NET Core that could lead to an open redirect, aka 'ASP.NET Core Spoofing Vulnerability'. | |||||
| CVE-2019-10721 | 1 Dotnetblogengine | 1 Blogengine.net | 2019-07-10 | 5.8 MEDIUM | 6.1 MEDIUM |
| BlogEngine.NET 3.3.7.0 allows a Client Side URL Redirect via the ReturnUrl parameter, related to BlogEngine/BlogEngine.Core/Services/Security/Security.cs, login.aspx, and register.aspx. | |||||
| CVE-2019-5969 | 1 Weseek | 1 Growi | 2019-07-08 | 5.8 MEDIUM | 6.1 MEDIUM |
| Open redirect vulnerability in GROWI v3.4.6 and earlier allows remote attackersto redirect users to arbitrary web sites and conduct phishing attacks via the process of login. | |||||
| CVE-2018-12621 | 1 Eventum Project | 1 Eventum | 2019-07-08 | 5.8 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Eventum 3.5.0. /htdocs/switch.php has an Open Redirect via the current_page parameter. | |||||
| CVE-2019-5965 | 1 Joruri | 1 Joruri Mail | 2019-07-08 | 5.8 MEDIUM | 6.1 MEDIUM |
| Open redirect vulnerability in Joruri Mail 2.1.4 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | |||||
| CVE-2019-13175 | 1 Readthedocs | 1 Read The Docs | 2019-07-03 | 5.8 MEDIUM | 6.1 MEDIUM |
| Read the Docs before 3.5.1 has an Open Redirect if certain user-defined redirects are used. This affects private instances of Read the Docs (in addition to the public readthedocs.org web sites). | |||||
| CVE-2017-14394 | 1 Forgerock | 2 Access Management, Openam | 2019-06-21 | 5.8 MEDIUM | 6.1 MEDIUM |
| OAuth 2.0 Authorization Server of ForgeRock Access Management (OpenAM) 13.5.0-13.5.1 and Access Management (AM) 5.0.0-5.1.1 does not correctly validate redirect_uri for some invalid requests, which allows attackers to perform phishing via an unvalidated redirect. | |||||
| CVE-2019-3477 | 1 Microfocus | 1 Solutions Business Manager | 2019-06-10 | 5.8 MEDIUM | 6.1 MEDIUM |
| Micro Focus Solution Business Manager versions prior to 11.4.2 is susceptible to open redirect. | |||||
| CVE-2018-13384 | 1 Fortinet | 1 Fortios | 2019-06-05 | 5.8 MEDIUM | 6.1 MEDIUM |
| A Host Header Redirection vulnerability in Fortinet FortiOS all versions below 6.0.5 under SSL VPN web portal allows a remote attacker to potentially poison HTTP cache and subsequently redirect SSL VPN web portal users to arbitrary web domains. | |||||
| CVE-2017-5871 | 1 Odoo | 1 Odoo | 2019-05-23 | 5.8 MEDIUM | 5.4 MEDIUM |
| Odoo Version <= 8.0-20160726 and Version 9 is affected by: CWE-601: Open redirection. The impact is: obtain sensitive information (remote). | |||||
| CVE-2019-5946 | 1 Cybozu | 1 Garoon | 2019-05-20 | 5.8 MEDIUM | 6.1 MEDIUM |
| Open redirect vulnerability in Cybozu Garoon 4.2.4 to 4.10.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the Login Screen. | |||||
| CVE-2019-10117 | 1 Gitlab | 1 Gitlab | 2019-05-16 | 5.8 MEDIUM | 6.1 MEDIUM |
| An Open Redirect issue was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. A redirect is triggered after successful authentication within the Oauth/:GeoAuthController for the secondary Geo node. | |||||
| CVE-2019-8951 | 1 Bosch | 6 Divar Ip 2000, Divar Ip 2000 Firmware, Divar Ip 5000 and 3 more | 2019-05-16 | 5.8 MEDIUM | 6.1 MEDIUM |
| An Open Redirect vulnerability located in the webserver affects several Bosch hardware and software products. The vulnerability potentially allows a remote attacker to redirect users to an arbitrary URL. Affected hardware products: Bosch DIVAR IP 2000 (vulnerable versions: 3.10; 3.20; 3.21; 3.50; 3.51; 3.55; 3.60; 3.61; 3.62; fixed versions: 3.62.0019 and newer), Bosch DIVAR IP 5000 (vulnerable versions: 3.10; 3.20; 3.21; 3.50; 3.51; 3.55; 3.60; 3.61; 3.62; fixed versions: 3.80.0033 and newer). Affected software products: Video Recording Manager (VRM) (vulnerable versions: 3.20; 3.21; 3.50; 3.51; 3.55; 3.60; 3.61; 3.62; fixed versions: 3.70.0056 and newer; 3.81.0032 and newer), Bosch Video Management System (BVMS) (vulnerable versions: 3.50.00XX; 3.55.00XX; 3.60.00XX; fixed versions: 7.5; 3.70.0056). | |||||
| CVE-2018-12300 | 1 Seagate | 1 Nas Os | 2019-05-13 | 5.8 MEDIUM | 6.1 MEDIUM |
| Arbitrary Redirect in echo-server.html in Seagate NAS OS version 4.3.15.1 allows attackers to disclose information in the Referer header via the 'state' URL parameter. | |||||
| CVE-2018-19790 | 3 Debian, Fedoraproject, Sensiolabs | 3 Debian Linux, Fedora, Symfony | 2019-05-10 | 5.8 MEDIUM | 6.1 MEDIUM |
| An open redirect was discovered in Symfony 2.7.x before 2.7.50, 2.8.x before 2.8.49, 3.x before 3.4.20, 4.0.x before 4.0.15, 4.1.x before 4.1.9 and 4.2.x before 4.2.1. By using backslashes in the `_failure_path` input field of login forms, an attacker can work around the redirection target restrictions and effectively redirect the user to any domain after login. | |||||
| CVE-2018-14931 | 1 Polarisft | 1 Intellect Core Banking | 2019-05-03 | 5.8 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in the Core and Portal modules in Polaris FT Intellect Core Banking 9.7.1. An open redirect exists via a /IntellectMain.jsp?IntellectSystem= URI. | |||||