Vulnerabilities (CVE)

Filtered by CWE-601
Total 977 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2005-4206 1 Blackboard 1 Academic Suite 2024-11-21 4.0 MEDIUM 6.1 MEDIUM
Blackboard Learning and Community Portal System in Academic Suite 6.3.1.424, 6.2.3.23, and other versions before 6 allows remote attackers to redirect users to other URLs and conduct phishing attacks via a modified url parameter to frameset.jsp, which loads the URL into a frame and causes it to appear to be part of a valid page.
CVE-2005-1475 1 Opera 1 Opera Browser 2024-11-20 7.5 HIGH N/A
The XMLHttpRequest object in Opera 8.0 Final Build 1095 allows remote attackers to bypass access restrictions and perform unauthorized actions on other domains via a redirect.
CVE-2005-0420 1 Microsoft 1 Exchange Server 2024-11-20 5.8 MEDIUM N/A
Microsoft Outlook Web Access (OWA), when used with Exchange, allows remote attackers to redirect users to arbitrary URLs for login via a link to the owalogon.asp application.
CVE-2004-2260 1 Opera 1 Opera Browser 2024-11-20 5.0 MEDIUM N/A
Opera Browser 7.23, and other versions before 7.50, updates the address bar as soon as the user clicks a link, which allows remote attackers to redirect to other sites via the onUnload attribute.
CVE-2024-3032 1 Themify 1 Builder 2024-11-20 N/A 6.1 MEDIUM
Themify Builder WordPress plugin before 7.5.8 does not validate a parameter before redirecting the user to its value, leading to an Open Redirect issue
CVE-2024-1240 1 Pyload 1 Pyload 2024-11-19 N/A 6.1 MEDIUM
An open redirection vulnerability exists in pyload/pyload version 0.5.0. The vulnerability is due to improper handling of the 'next' parameter in the login functionality. An attacker can exploit this vulnerability to redirect users to malicious sites, which can be used for phishing or other malicious activities. The issue is fixed in pyload-ng 0.5.0b3.dev79.
CVE-2024-52512 2024-11-18 N/A 3.3 LOW
user_oidc app is an OpenID Connect user backend for Nextcloud. A malicious user could send a malformed login link that would redirect the user to a provided URL after successfully authenticating. It is recommended that the Nextcloud User OIDC app is upgraded to 6.1.0.
CVE-2022-20634 2024-11-18 N/A 4.7 MEDIUM
A vulnerability in the web-based management interface of Cisco ECE could allow an unauthenticated, remote attacker to redirect a user to an undesired web page. This vulnerability is due to improper input validation of the URL parameters in an HTTP request that is sent to an affected system. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to cause the interface to redirect the user to a specific, malicious URL. This type of vulnerability is known as an open redirect and is used in phishing attacks that get users to unknowingly visit malicious sites.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
CVE-2024-47530 1 Clinical-genomics 1 Scout 2024-11-15 N/A 6.1 MEDIUM
Scout is a web-based visualizer for VCF-files. Open redirect vulnerability allows performing phishing attacks on users by redirecting them to malicious page. /login API endpoint is vulnerable to open redirect attack via next parameter due to absence of sanitization logic. Additionally, due to lack of scheme validation, HTTPS Downgrade Attack can be performed on the users. This vulnerability is fixed in 4.89.
CVE-2024-11207 2024-11-15 4.0 MEDIUM 4.3 MEDIUM
A vulnerability has been found in Apereo CAS 6.6 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /login. The manipulation of the argument redirect_uri leads to open redirect. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2024-27592 2024-11-14 N/A 4.3 MEDIUM
Open Redirect vulnerability in Corezoid Process Engine v6.5.0 allows attackers to redirect to arbitrary websites via appending a crafted link to /login/ in the login page URL.
CVE-2024-47648 1 Theeventprime 1 Eventprime 2024-11-14 N/A 6.1 MEDIUM
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in EventPrime Events EventPrime.This issue affects EventPrime: from n/a through 4.0.4.5.
CVE-2024-50345 2024-11-08 N/A 3.1 LOW
symfony/http-foundation is a module for the Symphony PHP framework which defines an object-oriented layer for the HTTP specification. The `Request` class, does not parse URI with special characters the same way browsers do. As a result, an attacker can trick a validator relying on the `Request` class to redirect users to another domain. The `Request::create` methods now assert the URI does not contain invalid characters as defined by https://url.spec.whatwg.org/. This issue has been patched in versions 5.4.46, 6.4.14, and 7.1.7. Users are advised to upgrade. There are no known workarounds for this vulnerability.
CVE-2024-30140 2024-11-08 N/A 5.4 MEDIUM
HCL BigFix Compliance is affected by unvalidated redirects and forwards. The HOST header can be manipulated by an attacker and as a result, it can poison the web cache and provide back to users being served the page.
CVE-2024-25566 1 Forgerock 1 Access Management 2024-11-08 N/A 6.1 MEDIUM
An Open-Redirect vulnerability exists in PingAM where well-crafted requests may cause improper validation of redirect URLs. This could allow an attacker to redirect end-users to malicious sites under their control, simplifying phishing attacks
CVE-2024-48463 2024-11-06 N/A 6.5 MEDIUM
Bruno before 1.29.1 uses Electron shell.openExternal without validation (of http or https) for opening windows within the Markdown docs viewer.
CVE-2024-21684 2024-11-05 N/A 3.1 LOW
There is a low severity open redirect vulnerability within affected versions of Bitbucket Data Center. Versions of Bitbucket DC from 8.0.0 to 8.9.12 and 8.19.0 to 8.19.1 are affected by this vulnerability. It is patched in 8.9.13 and 8.19.2. This open redirect vulnerability, with a CVSS Score of 3.1 and a CVSS Vector of CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N, allows an unauthenticated attacker to redirect a victim user upon login to Bitbucket Data Center to any arbitrary site which can be utilized for further exploitation which has low impact to confidentiality, no impact to integrity, no impact to availability, and requires user interaction. Atlassian recommends that Bitbucket Data Center customers upgrade to the version. If you are unable to do so, upgrade your instance to one of the supported fixed versions.
CVE-2024-8883 1 Redhat 6 Build Of Keycloak, Openshift Container Platform, Openshift Container Platform For Ibm Z and 3 more 2024-11-05 N/A 6.1 MEDIUM
A misconfiguration flaw was found in Keycloak. This issue can allow an attacker to redirect users to an arbitrary URL if a 'Valid Redirect URI' is set to http://localhost or http://127.0.0.1, enabling sensitive information such as authorization codes to be exposed to the attacker, potentially leading to session hijacking.
CVE-2024-27184 2024-11-04 N/A 6.1 MEDIUM
Inadequate validation of URLs could result into an invalid check whether an redirect URL is internal or not..
CVE-2024-25559 2024-11-01 N/A 4.7 MEDIUM
URL spoofing vulnerability exists in a-blog cms Ver.3.1.0 to Ver.3.1.8. If an attacker sends a specially crafted request, the administrator of the product may be forced to access an arbitrary website when clicking a link in the audit log.