Total: 742 CVE entries
CVE | Vendors (count, names) | Products (count, names) | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-14474 | 1 Goodoldweb | 1 Orange Forum | 2018-10-29 | 5.8 MEDIUM | 6.1 MEDIUM |
views/auth.go in Orange Forum 1.4.0 allows Open Redirection via the next parameter to /login or /signup.
CVE-2016-3174 | 1 Open-xchange | 1 Open-xchange Appsuite | 2018-10-19 | 4.3 MEDIUM | 7.4 HIGH |
An issue was discovered in Open-Xchange OX AppSuite before 7.8.0-rev27. The "defer" servlet offers to redirect a client to a specified URL. Since some checks were missing, arbitrary URLs could be provided as the redirection target. Users can be tricked into following a link to a trustworthy domain but end up at an unexpected service later on. This vulnerability can be used to prepare and enhance phishing attacks.
CVE-2017-8989 | 3 Hp, Microsoft, Redhat | 4 Hp-ux, Icewall Sso, Windows and 1 more | 2018-10-17 | 6.4 MEDIUM | 9.1 CRITICAL |
A security vulnerability in HPE IceWall SSO Dfw 10.0 and 11.0 on RHEL, HP-UX, and Windows could be exploited remotely to allow URL Redirection.
CVE-2017-7233 | 1 Djangoproject | 1 Django | 2018-10-17 | 5.8 MEDIUM | 6.1 MEDIUM |
Django 1.10 before 1.10.7, 1.9 before 1.9.13, and 1.8 before 1.8.18 relies on user input in some cases to redirect the user to an "on success" URL. The security check for these redirects (namely `django.utils.http.is_safe_url()`) considered some numeric URLs "safe" when they shouldn't be, aka an open redirect vulnerability. Also, if a developer relies on `is_safe_url()` to provide safe redirect targets and puts such a URL into a link, they could suffer from an XSS attack.
CVE-2018-7091 | 1 Hp | 1 Xp 9000 Command View | 2018-10-10 | 5.8 MEDIUM | 6.1 MEDIUM |
HPE XP P9000 Command View Advanced Edition Software (CVAE) has an open URL redirection vulnerability in versions 7.0.0-00 to earlier than 8.60-00 of DevMgr, TSMgr and RepMgr.
CVE-2016-7137 | 1 Plone | 1 Plone | 2018-10-09 | 5.8 MEDIUM | 6.1 MEDIUM |
Multiple open redirect vulnerabilities in Plone CMS 5.x through 5.0.6, 4.x through 4.3.11, and 3.3.x through 3.3.6 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the referer parameter to (1) %2b%2bgroupdashboard%2b%2bplone.dashboard1%2bgroup/%2b/portlets.Actions or (2) folder/%2b%2bcontextportlets%2b%2bplone.footerportlets/%2b/portlets.Actions or the (3) came_from parameter to /login_form.
CVE-2015-4668 | 1 Xceedium | 1 Xsuite | 2018-10-09 | 5.8 MEDIUM | 6.1 MEDIUM |
Open redirect vulnerability in Xsuite 2.4.4.5 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirurl parameter.
CVE-2015-5054 | 1 Ellucian | 1 Banner Student | 2018-10-09 | 5.8 MEDIUM | 6.1 MEDIUM |
Open redirect vulnerability in Ellucian (formerly SunGard) Banner Student 8.5.1.2 through 8.7 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in an unspecified parameter.
CVE-2018-15178 | 1 Gogs | 1 Gogs | 2018-10-05 | 5.8 MEDIUM | 6.1 MEDIUM |
Open redirect vulnerability in Gogs before 0.12 allows remote attackers to redirect users to arbitrary websites and conduct phishing attacks via an initial /\ substring in the user/login redirect_to parameter, related to the function isValidRedirect in routes/user/auth.go.
CVE-2018-14381 | 1 Pagekit | 1 Pagekit | 2018-09-14 | 5.8 MEDIUM | 6.1 MEDIUM |
Pagekit before 1.0.14 has a /user/login?redirect= open redirect vulnerability.
CVE-2013-0594 | 1 Ibm | 1 Inotes | 2018-09-04 | 5.8 MEDIUM | 6.1 MEDIUM |
Open redirect vulnerability in IBM iNotes before 8.5.3 Fix Pack 6 and 9.x before 9.0.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. IBM X-Force ID: 83383.
CVE-2018-1000504 | 1 Redirection | 1 Redirection | 2018-09-04 | 9.0 HIGH | 7.2 HIGH |
Redirection version 2.7.3 contains an arbitrary code execution via file inclusion vulnerability in Pass-through mode that allows admins to execute any PHP file in the filesystem. To exploit it, the attacker must have access to an admin account on the target site. This vulnerability appears to have been fixed in 2.8.
CVE-2018-11041 | 1 Pivotal Software | 2 Cloud Foundry Uaa, Cloud Foundry Uaa-release | 2018-08-23 | 5.8 MEDIUM | 6.1 MEDIUM |
Cloud Foundry UAA, versions later than 4.6.0 and prior to 4.19.0 except 4.10.1 and 4.7.5 and uaa-release versions later than v48 and prior to v60 except v55.1 and v52.9, does not validate redirect URL values on a form parameter used for internal UAA redirects on the login page, allowing open redirects. A remote attacker can craft a malicious link that, when clicked, will redirect users to arbitrary websites after a successful login attempt.
CVE-2017-5389 | 1 Mozilla | 1 Firefox | 2018-08-07 | 5.8 MEDIUM | 6.1 MEDIUM |
WebExtensions could use the "mozAddonManager" API by modifying the CSP headers on sites with the appropriate permissions and then using host requests to redirect script loads to a malicious site. This allows a malicious extension to then install additional extensions without explicit user permission. This vulnerability affects Firefox < 51.
CVE-2016-9078 | 1 Mozilla | 1 Firefox | 2018-08-01 | 6.8 MEDIUM | 8.8 HIGH |
Redirection from an HTTP connection to a "data:" URL assigns the referring site's origin to the "data:" URL in some circumstances. This can result in same-origin violations against a domain if it loads resources from malicious sites. Cross-origin setting of cookies has been demonstrated without the ability to read them. Note: This issue only affects Firefox 49 and 50. This vulnerability affects Firefox < 50.0.1.
CVE-2015-8094 | 1 Cloudera | 1 Hue | 2018-07-02 | 5.8 MEDIUM | 6.1 MEDIUM |
Open redirect vulnerability in Cloudera HUE before 3.10.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the next parameter.
CVE-2018-10651 | 1 Citrix | 1 Xenmobile Server | 2018-06-25 | 5.8 MEDIUM | 6.1 MEDIUM |
There are Open Redirect Vulnerabilities in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3.
CVE-2018-11119 | 1 Ilias | 1 Ilias | 2018-06-15 | 5.8 MEDIUM | 6.1 MEDIUM |
ILIAS 5.1.x, 5.2.x, and 5.3.x before 5.3.5 redirects a logged-in user to a third-party site via the return_to_url parameter.
CVE-2018-1000174 | 1 Jenkins | 1 Google Login | 2018-06-13 | 5.8 MEDIUM | 6.1 MEDIUM |
An open redirect vulnerability exists in Jenkins Google Login Plugin 1.3 and older in GoogleOAuth2SecurityRealm.java that allows attackers to redirect users to an arbitrary URL after successful login.
CVE-2018-5304 | 1 Impinj | 2 R420 Rfid Reader, R420 Rfid Reader Firmware | 2018-06-13 | 4.3 MEDIUM | 4.3 MEDIUM |
An issue was discovered on the Impinj Speedway Connect R420 RFID Reader before 2.2.2. The affected web interface is vulnerable to ClickJacking or UI Redressing: it is possible to access the web application in an iframe, and clicking on the iframe will redirect to a third-party application or perform other malicious actions.
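Most of the open redirects listed above share one root cause: a post-login target taken from a request parameter (`next`, `redirect_to`, `came_from`, `redirurl`, `return_to_url`) is accepted after a check that does not see the URL the way a browser does. The Gogs entry (CVE-2018-15178) names an initial `/\` that a prefix check for `//` misses, and the Django entry (CVE-2017-7233) describes numeric URLs that `is_safe_url()` wrongly treated as safe. The following is an added example, not code from Django, Gogs or any other project on this page: a hypothetical prefix-only check beside a stricter validator. The host `forum.example`, the sample targets, and the specific numeric form `http:999999999` used to illustrate the Django class are constructed for this example.

```python
"""Validating a user-supplied redirect target (e.g. ?next=, ?redirect_to=).

Added example; hypothetical code, not Django's is_safe_url() or Gogs's
isValidRedirect().  ALLOWED_HOST and SAMPLE_TARGETS are constructed.
"""
import re
import unicodedata
from urllib.parse import urlsplit

ALLOWED_HOST = "forum.example"  # assumed: the only host we may redirect to

# "scheme:rest", split by hand.  urllib.parse.urlsplit() historically applied a
# port-number heuristic under which "http:999999999" parses as a path with no
# scheme at all; relying on it is the shape of the Django numeric-URL case.
_SCHEME_RE = re.compile(r"^([A-Za-z][A-Za-z0-9+.\-]*):(.*)\Z", re.DOTALL)


def naive_is_local(url: str) -> bool:
    """Weak check (hypothetical): one leading slash, not two.  It has the gap
    the Gogs entry describes: "/\\evil.example" passes, and browsers read the
    backslash as a slash, making the target scheme-relative."""
    return url.startswith("/") and not url.startswith("//")


def is_safe_redirect(url: str, allowed_host: str = ALLOWED_HOST) -> bool:
    """Accept only absolute paths on our origin and http(s) URLs on allowed_host."""
    if not url:
        return False
    # Control characters anywhere: browsers strip tab/CR/LF and skip several
    # leading control characters, so "\x00//evil" can become "//evil".
    if any(unicodedata.category(ch)[0] == "C" for ch in url):
        return False
    # Browsers treat "\" as "/" in the authority position (the Gogs prefix).
    candidate = url.replace("\\", "/")

    m = _SCHEME_RE.match(candidate)
    if m:
        scheme, rest = m.group(1).lower(), m.group(2)
        if scheme not in ("http", "https"):
            return False            # javascript:, data:, ...
        if not rest.startswith("//"):
            # "http:999999999" or "http:evil.example": no authority for the
            # parser, but the browser uses what follows the colon as the host.
            return False
    else:
        rest = candidate

    if rest.startswith("//"):
        # Scheme-relative or absolute: the host must be ours.  .hostname drops
        # userinfo and port, so "//forum.example@evil.example" yields
        # evil.example, and "///evil.example" (empty authority) yields None.
        try:
            host = urlsplit(candidate).hostname
        except ValueError:          # e.g. malformed IPv6 literal
            return False
        return host is not None and host == allowed_host.lower()

    # Otherwise a path on our own origin; insist on an absolute path so the
    # result does not depend on the URL of the page issuing the redirect.
    return rest.startswith("/")


# Constructed sample targets, as they might arrive in a ?next= parameter.
SAMPLE_TARGETS = [
    "/dashboard",                     # local path: fine
    "//forum.example/dashboard",      # our own host: fine
    "https://forum.example/x?y=1",    # our own host, absolute: fine
    "//evil.example",                 # protocol-relative
    "/\\evil.example",                # the Gogs "/\" prefix
    "///evil.example",                # browsers read this as //evil.example
    "http:999999999",                 # numeric URL, the Django class
    "http:///evil.example",           # scheme present, authority empty
    "javascript:alert(1)",            # non-http scheme
    "\x00//evil.example",             # leading control character
    "//forum.example@evil.example",   # our host as userinfo, real host evil
]


def classify(targets=SAMPLE_TARGETS, allowed_host=ALLOWED_HOST):
    """Return {target: (naive_verdict, strict_verdict)} for side-by-side comparison."""
    return {t: (naive_is_local(t), is_safe_redirect(t, allowed_host)) for t in targets}


if __name__ == "__main__":
    for target, (naive, strict) in classify().items():
        print(f"{target!r:36} naive={naive!s:5} strict={strict}")
```

The validator rejects anything it cannot positively classify as "our origin": scheme-relative forms must resolve, via `urlsplit().hostname`, to the allowed host; a scheme without an authority is refused outright rather than parsed; and path-only targets must begin with a single slash. Of the constructed samples only the first three pass, while the prefix-only check lets `/\evil.example` through. A same-host URL on a different port is still accepted, which is a deliberate choice here; tighten the host comparison to the full `netloc` if port pinning matters.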