Total
966 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-5629 | 1 Schneider-electric | 32 Eb450, Eb450 Firmware, Eb45e and 29 more | 2024-02-05 | N/A | 6.1 MEDIUM |
| A CWE-601:URL Redirection to Untrusted Site (‘Open Redirect’) vulnerability exists that could cause disclosure of information through phishing attempts over HTTP. | |||||
| CVE-2023-37561 | 1 Elecom | 8 Wrh-300wh-h, Wrh-300wh-h Firmware, Wtc-300hwh and 5 more | 2024-02-05 | N/A | 6.1 MEDIUM |
| Open redirect vulnerability in ELECOM wireless LAN routers and ELECOM wireless LAN repeaters allows a remote unauthenticated attacker to redirect users to arbitrary web sites and conduct phishing attacks via a specially crafted URL. Affected products and versions are as follows: WRH-300WH-H v2.12 and earlier, WTC-300HWH v1.09 and earlier, WTC-C1167GC-B v1.17 and earlier, and WTC-C1167GC-W v1.17 and earlier. | |||||
| CVE-2023-20263 | 1 Cisco | 1 Hyperflex Hx Data Platform | 2024-02-05 | N/A | 6.1 MEDIUM |
| A vulnerability in the web-based management interface of Cisco HyperFlex HX Data Platform could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability is due to improper input validation of the parameters in an HTTP request. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to redirect a user to a malicious website. | |||||
| CVE-2021-39425 | 1 Seeddms | 1 Seeddms | 2024-02-05 | N/A | 6.1 MEDIUM |
| SeedDMS v6.0.15 was discovered to contain an open redirect vulnerability. An attacker may exploit this vulnerability to redirect users to arbitrary web URLs by tricking the victim users to click on crafted links. | |||||
| CVE-2023-35791 | 1 Vound-software | 1 Intella Connect | 2024-02-05 | N/A | 6.1 MEDIUM |
| Vound Intella Connect 2.6.0.3 has an Open Redirect vulnerability. | |||||
| CVE-2023-38998 | 1 Opnsense | 1 Opnsense | 2024-02-05 | N/A | 6.1 MEDIUM |
| An open redirect in the Login page of OPNsense before 23.7 allows attackers to redirect a victim user to an arbitrary web site via a crafted URL. | |||||
| CVE-2023-34917 | 1 Cms Project | 1 Cms | 2024-02-05 | N/A | 6.1 MEDIUM |
| Fuge CMS v1.0 contains an Open Redirect vulnerability in member/RegisterAct.java. | |||||
| CVE-2023-34916 | 1 Cms Project | 1 Cms | 2024-02-05 | N/A | 6.1 MEDIUM |
| Fuge CMS v1.0 contains an Open Redirect vulnerability via /front/ProcessAct.java. | |||||
| CVE-2023-37947 | 1 Jenkins | 1 Openshift Login | 2024-02-05 | N/A | 6.1 MEDIUM |
| Jenkins OpenShift Login Plugin 1.1.0.227.v27e08dfb_1a_20 and earlier improperly determines that a redirect URL after login is legitimately pointing to Jenkins, allowing attackers to perform phishing attacks. | |||||
| CVE-2022-45582 | 1 Openstack | 1 Horizon | 2024-02-05 | N/A | 6.1 MEDIUM |
| Open Redirect vulnerability in Horizon Web Dashboard 19.4.0 thru 20.1.4 via the success_url parameter. | |||||
| CVE-2023-37624 | 1 Netdisco | 1 Netdisco | 2024-02-05 | N/A | 6.1 MEDIUM |
| Netdisco before v2.063000 was discovered to contain an open redirect vulnerability. An attacker may exploit this vulnerability to redirect users to arbitrary web URLs by tricking the victim users to click on crafted links. | |||||
| CVE-2022-27861 | 1 Arscode | 1 Ninja Popups | 2024-02-05 | N/A | 6.1 MEDIUM |
| Unauth. Open Redirect vulnerability in Arscode Ninja Popups plugin <= 4.7.5 versions. | |||||
| CVE-2023-30433 | 1 Ibm | 1 Security Verify Access | 2024-02-05 | N/A | 5.4 MEDIUM |
| IBM Security Verify Access 10.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 252186. | |||||
| CVE-2023-28020 | 1 Hcltech | 1 Bigfix Webui | 2024-02-05 | N/A | 6.1 MEDIUM |
| URL redirection in Login page in HCL BigFix WebUI allows malicious user to redirect the client browser to an external site via redirect URL response header. | |||||
| CVE-2023-0681 | 1 Rapid7 | 1 Insightvm | 2024-02-04 | N/A | 6.1 MEDIUM |
| Rapid7 InsightVM versions 6.6.178 and lower suffers from an open redirect vulnerability, whereby an attacker has the ability to redirect the user to a site of the attacker’s choice using the ‘page’ parameter of the ‘data/console/redirect’ component of the application. This issue was resolved in the February, 2023 release of version 6.6.179. | |||||
| CVE-2023-26494 | 1 Thethingsnetwork | 1 Lorawan-stack | 2024-02-04 | N/A | 6.1 MEDIUM |
| lorawan-stack is an open source LoRaWAN network server. Prior to version 3.24.1, an open redirect exists on the login page of the lorawan stack server, allowing an attacker to supply a user controlled redirect upon sign in. This issue may allows malicious actors to phish users, as users assume they were redirected to the homepage on login. Version 3.24.1 contains a fix. | |||||
| CVE-2023-34415 | 1 Mozilla | 1 Firefox | 2024-02-04 | N/A | 6.1 MEDIUM |
| When choosing a site-isolated process for a document loaded from a data: URL that was the result of a redirect, Firefox would load that document in the same process as the site that issued the redirect. This bypassed the site-isolation protections against Spectre-like attacks on sites that host an "open redirect". Firefox no longer follows HTTP redirects to data: URLs. This vulnerability affects Firefox < 114. | |||||
| CVE-2023-22264 | 1 Adobe | 2 Experience Manager, Experience Manager Cloud Service | 2024-02-04 | N/A | 5.4 MEDIUM |
| Experience Manager versions 6.5.15.0 (and earlier) are affected by a URL Redirection to Untrusted Site ('Open Redirect') vulnerability. A low-privilege authenticated attacker could leverage this vulnerability to redirect users to malicious websites. Exploitation of this issue requires user interaction. | |||||
| CVE-2023-34247 | 2024-02-04 | N/A | 4.1 MEDIUM | ||
| Keystone is a content management system for Node.JS. There is an open redirect in the `@keystone-6/auth` package versions 7.0.0 and prior, where the redirect leading `/` filter can be bypassed. Users may be redirected to domains other than the relative host, thereby it might be used by attackers to re-direct users to an unexpected location. To mitigate this issue, one may apply a patch from pull request 8626 or avoid using the `@keystone-6/auth` package. | |||||
| CVE-2023-22266 | 1 Adobe | 2 Experience Manager, Experience Manager Cloud Service | 2024-02-04 | N/A | 5.4 MEDIUM |
| Experience Manager versions 6.5.15.0 (and earlier) are affected by a URL Redirection to Untrusted Site ('Open Redirect') vulnerability. A low-privilege authenticated attacker could leverage this vulnerability to redirect users to malicious websites. Exploitation of this issue requires user interaction. | |||||