Total
742 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-3898 | 1 Bonitasoft | 1 Bonita Bpm Portal | 2019-04-30 | 5.8 MEDIUM | 6.1 MEDIUM |
| Multiple open redirect vulnerabilities in Bonita BPM Portal before 6.5.3 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via vectors involving the redirectUrl parameter to (1) bonita/login.jsp or (2) bonita/loginservice. | |||||
| CVE-2019-3877 | 4 Canonical, Fedoraproject, Mod Auth Mellon Project and 1 more | 4 Ubuntu Linux, Fedora, Mod Auth Mellon and 1 more | 2019-04-16 | 4.3 MEDIUM | 6.1 MEDIUM |
| A vulnerability was found in mod_auth_mellon before v0.14.2. An open redirect in the logout URL allows requests with backslashes to pass through by assuming that it is a relative URL, while the browsers silently convert backslash characters into forward slashes treating them as an absolute URL. This mismatch allows an attacker to bypass the redirect URL validation logic in apr_uri_parse function. | |||||
| CVE-2019-10255 | 1 Jupyter | 2 Jupyterhub, Notebook | 2019-04-11 | 5.8 MEDIUM | 6.1 MEDIUM |
| An Open Redirect vulnerability for all browsers in Jupyter Notebook before 5.7.7 and some browsers (Chrome, Firefox) in JupyterHub before 0.9.5 allows crafted links to the login page, which will redirect to a malicious site after successful login. Servers running on a base_url prefix are not affected. | |||||
| CVE-2019-11016 | 1 Elgg | 1 Elgg | 2019-04-09 | 5.8 MEDIUM | 6.1 MEDIUM |
| Elgg before 1.12.18 and 2.3.x before 2.3.11 has an open redirect. | |||||
| CVE-2019-10856 | 1 Jupyter | 1 Notebook | 2019-04-05 | 5.8 MEDIUM | 6.1 MEDIUM |
| In Jupyter Notebook before 5.7.8, an open redirect can occur via an empty netloc. This issue exists because of an incomplete fix for CVE-2019-10255. | |||||
| CVE-2018-15180 | 1 Qasymphony | 1 Qtest Manager | 2019-04-04 | 5.8 MEDIUM | 6.1 MEDIUM |
| qTest Portal in QASymphony qTest Manager 9.0.0 has an Open Redirect via the /portal/loginform redirect parameter. | |||||
| CVE-2017-18109 | 1 Atlassian | 1 Crowd | 2019-04-01 | 5.8 MEDIUM | 6.1 MEDIUM |
| The login resource of CrowdId in Atlassian Crowd before version 3.0.2 and from version 3.1.0 before version 3.1.1 allows remote attackers to redirect users to a different website which they may use as part of performing a phishing attack via an open redirect. | |||||
| CVE-2019-9837 | 1 Openid | 1 Openid Connect | 2019-03-27 | 5.8 MEDIUM | 6.1 MEDIUM |
| Doorkeeper::OpenidConnect (aka the OpenID Connect extension for Doorkeeper) 1.4.x and 1.5.x before 1.5.4 has an open redirect via the redirect_uri field in an OAuth authorization request (that results in an error response) with the 'openid' scope and a prompt=none value. This allows phishing attacks against the authorization flow. | |||||
| CVE-2019-9915 | 1 Get-simple. | 1 Getsimplecms | 2019-03-22 | 5.8 MEDIUM | 6.1 MEDIUM |
| GetSimpleCMS 3.3.13 has an Open Redirect via the admin/index.php redirect parameter. | |||||
| CVE-2019-7416 | 1 Opentext | 1 Documentum Webtop | 2019-03-22 | 4.3 MEDIUM | 6.1 MEDIUM |
| XSS and/or a Client Side URL Redirect exists in OpenText Documentum Webtop 5.3 SP2. The parameter startat in "/webtop/help/en/default.htm" is vulnerable. | |||||
| CVE-2017-1000013 | 1 Phpmyadmin | 1 Phpmyadmin | 2019-03-19 | 5.8 MEDIUM | 6.1 MEDIUM |
| phpMyAdmin 4.0, 4.4, and 4.6 are vulnerable to an open redirect weakness | |||||
| CVE-2015-5354 | 1 Novius-os | 1 Novius Os | 2019-03-13 | 5.8 MEDIUM | N/A |
| Open redirect vulnerability in Novius OS 5.0.1 (Elche) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirect parameter to admin/nos/login. | |||||
| CVE-2018-11408 | 2 Debian, Sensiolabs | 2 Debian Linux, Symfony | 2019-03-13 | 5.8 MEDIUM | 6.1 MEDIUM |
| The security handlers in the Security component in Symfony in 2.7.x before 2.7.48, 2.8.x before 2.8.41, 3.3.x before 3.3.17, 3.4.x before 3.4.11, and 4.0.x before 4.0.11 have an Open redirect vulnerability when security.http_utils is inlined by a container. NOTE: this issue exists because of an incomplete fix for CVE-2017-16652. | |||||
| CVE-2017-16652 | 2 Debian, Sensiolabs | 2 Debian Linux, Symfony | 2019-03-13 | 5.8 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Symfony 2.7.x before 2.7.38, 2.8.x before 2.8.31, 3.2.x before 3.2.14, and 3.3.x before 3.3.13. DefaultAuthenticationSuccessHandler or DefaultAuthenticationFailureHandler takes the content of the _target_path parameter and generates a redirect response, but no check is performed on the path, which could be an absolute URL to an external domain. This Open redirect vulnerability can be exploited for example to mount effective phishing attacks. | |||||
| CVE-2017-7153 | 3 Apple, Canonical, Microsoft | 8 Icloud, Iphone Os, Itunes and 5 more | 2019-03-08 | 5.8 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to spoof user-interface information (about whether the entire content is derived from a valid TLS session) via a crafted web site that sends a 401 Unauthorized redirect. | |||||
| CVE-2018-17422 | 1 Dotcms | 1 Dotcms | 2019-03-08 | 5.8 MEDIUM | 6.1 MEDIUM |
| dotCMS before 5.0.2 has open redirects via the html/common/forward_js.jsp FORWARD_URL parameter or the html/portlet/ext/common/page_preview_popup.jsp hostname parameter. | |||||
| CVE-2018-1355 | 1 Fortinet | 2 Fortianalyzer, Fortimanager | 2019-03-08 | 5.8 MEDIUM | 6.1 MEDIUM |
| An open redirect vulnerability in Fortinet FortiManager 6.0.0, 5.6.5 and below versions, FortiAnalyzer 6.0.0, 5.6.5 and below versions allows attacker to inject script code during converting a HTML table to a PDF document under the FortiView feature. An attacker may be able to social engineer an authenticated user into generating a PDF file containing injected malicious URLs. | |||||
| CVE-2018-10101 | 2 Debian, Wordpress | 2 Debian Linux, Wordpress | 2019-03-07 | 5.8 MEDIUM | 6.1 MEDIUM |
| Before WordPress 4.9.5, the URL validator assumed URLs with the hostname localhost were on the same host as the WordPress server. | |||||
| CVE-2018-14574 | 3 Canonical, Debian, Djangoproject | 3 Ubuntu Linux, Debian Linux, Django | 2019-03-01 | 5.8 MEDIUM | 6.1 MEDIUM |
| django.middleware.common.CommonMiddleware in Django 1.11.x before 1.11.15 and 2.0.x before 2.0.8 has an Open Redirect. | |||||
| CVE-2018-19106 | 1 Avinetworks | 1 Avi Vantage | 2019-02-20 | 5.8 MEDIUM | 6.1 MEDIUM |
| Avi Vantage before 17.2.13 uses an invalid URL encoding during a redirect operation, aka AV-33959. | |||||