Total
966 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-31245 | 2 Control4, Snapone | 13 Ca-1, Ca-10, Ea-1 and 10 more | 2024-02-04 | N/A | 6.1 MEDIUM |
| Devices using Snap One OvrC cloud are sent to a web address when accessing a web management interface using a HTTP connection. Attackers could impersonate a device and supply malicious information about the device’s web server interface. By supplying malicious parameters, an attacker could redirect the user to arbitrary and dangerous locations on the web. | |||||
| CVE-2023-22257 | 1 Adobe | 2 Experience Manager, Experience Manager Cloud Service | 2024-02-04 | N/A | 5.4 MEDIUM |
| Experience Manager versions 6.5.15.0 (and earlier) are affected by a URL Redirection to Untrusted Site ('Open Redirect') vulnerability. A low-privilege authenticated attacker could leverage this vulnerability to redirect users to malicious websites. Exploitation of this issue requires user interaction. | |||||
| CVE-2023-22261 | 1 Adobe | 2 Experience Manager, Experience Manager Cloud Service | 2024-02-04 | N/A | 5.4 MEDIUM |
| Experience Manager versions 6.5.15.0 (and earlier) are affected by a URL Redirection to Untrusted Site ('Open Redirect') vulnerability. A low-privilege authenticated attacker could leverage this vulnerability to redirect users to malicious websites. Exploitation of this issue requires user interaction. | |||||
| CVE-2023-22263 | 1 Adobe | 2 Experience Manager, Experience Manager Cloud Service | 2024-02-04 | N/A | 5.4 MEDIUM |
| Experience Manager versions 6.5.15.0 (and earlier) are affected by a URL Redirection to Untrusted Site ('Open Redirect') vulnerability. A low-privilege authenticated attacker could leverage this vulnerability to redirect users to malicious websites. Exploitation of this issue requires user interaction. | |||||
| CVE-2023-32218 | 1 Avaya | 1 Ix Workforce Engagement | 2024-02-04 | N/A | 6.1 MEDIUM |
| Avaya IX Workforce Engagement v15.2.7.1195 - CWE-601: URL Redirection to Untrusted Site ('Open Redirect') | |||||
| CVE-2023-22259 | 1 Adobe | 2 Experience Manager, Experience Manager Cloud Service | 2024-02-04 | N/A | 5.4 MEDIUM |
| Experience Manager versions 6.5.15.0 (and earlier) are affected by a URL Redirection to Untrusted Site ('Open Redirect') vulnerability. A low-privilege authenticated attacker could leverage this vulnerability to redirect users to malicious websites. Exploitation of this issue requires user interaction. | |||||
| CVE-2023-24030 | 1 Zimbra | 1 Collaboration | 2024-02-04 | N/A | 6.1 MEDIUM |
| An open redirect vulnerability exists in the /preauth Servlet in Zimbra Collaboration Suite through 9.0 and 8.8.15. To exploit the vulnerability, an attacker would need to have obtained a valid zimbra auth token or a valid preauth token. Once the token is obtained, an attacker could redirect a user to any URL if url sanitisation is bypassed in incoming requests. NOTE: this is similar, but not identical, to CVE-2021-34807. | |||||
| CVE-2023-0155 | 1 Gitlab | 1 Gitlab | 2024-02-04 | N/A | 5.4 MEDIUM |
| An issue has been discovered in GitLab CE/EE affecting all versions before 15.8.5, 15.9.4, 15.10.1. Open redirects was possible due to framing arbitrary content on any page allowing user controlled markdown | |||||
| CVE-2022-4946 | 1 Accesspressthemes | 1 Frontend Post Wordpress Plugin | 2024-02-04 | N/A | 5.4 MEDIUM |
| The Frontend Post WordPress Plugin WordPress plugin through 2.8.4 does not validate an attribute of one of its shortcode, which could allow users with a role as low as contributor to add a malicious shortcode to a page/post, which will redirect users to an arbitrary domain. | |||||
| CVE-2023-35948 | 1 Novu | 1 Novu | 2024-02-04 | N/A | 6.1 MEDIUM |
| Novu provides an API for sending notifications through multiple channels. Versions prior to 0.16.0 contain an open redirect vulnerability in the "Sign In with GitHub" functionality of Novu's open-source repository. It could have allowed an attacker to force a victim into opening a malicious URL and thus, potentially log into the repository under the victim's account gaining full control of the account. This vulnerability only affected the Novu Cloud and Open-Source deployments if the user manually enabled the GitHub OAuth on their self-hosted instance of Novu. Users should upgrade to version 0.16.0 to receive a patch. | |||||
| CVE-2023-22262 | 1 Adobe | 2 Experience Manager, Experience Manager Cloud Service | 2024-02-04 | N/A | 5.4 MEDIUM |
| Experience Manager versions 6.5.15.0 (and earlier) are affected by a URL Redirection to Untrusted Site ('Open Redirect') vulnerability. A low-privilege authenticated attacker could leverage this vulnerability to redirect users to malicious websites. Exploitation of this issue requires user interaction. | |||||
| CVE-2022-46886 | 1 Servicenow | 1 Servicenow | 2024-02-04 | N/A | 6.1 MEDIUM |
| There exists an open redirect within the response list update functionality of ServiceNow. This allows attackers to redirect users to arbitrary domains when clicking on a URL within a service-now domain. | |||||
| CVE-2023-22260 | 1 Adobe | 2 Experience Manager, Experience Manager Cloud Service | 2024-02-04 | N/A | 5.4 MEDIUM |
| Experience Manager versions 6.5.15.0 (and earlier) are affected by a URL Redirection to Untrusted Site ('Open Redirect') vulnerability. A low-privilege authenticated attacker could leverage this vulnerability to redirect users to malicious websites. Exploitation of this issue requires user interaction. | |||||
| CVE-2023-22256 | 1 Adobe | 2 Experience Manager, Experience Manager Cloud Service | 2024-02-04 | N/A | 5.4 MEDIUM |
| Experience Manager versions 6.5.15.0 (and earlier) are affected by a URL Redirection to Untrusted Site ('Open Redirect') vulnerability. A low-privilege authenticated attacker could leverage this vulnerability to redirect users to malicious websites. Exploitation of this issue requires user interaction. | |||||
| CVE-2022-37940 | 1 Hpe | 4 Flexfabric 5700 40xg 2qsfp\+, Flexfabric 5700 40xg 2qsfp\+ Firmware, Flexfabric 5700 48g 4xg 2qsfp\+ and 1 more | 2024-02-04 | N/A | 6.1 MEDIUM |
| Potential security vulnerabilities have been identified in the HPE FlexFabric 5700 Switch Series. These vulnerabilities could be remotely exploited to allow host header injection and URL redirection. HPE has made the following software to resolve the vulnerability in HPE FlexFabric 5700 Switch Series version R2432P61 or later. | |||||
| CVE-2023-3515 | 1 Gitea | 1 Gitea | 2024-02-04 | N/A | 4.4 MEDIUM |
| Open Redirect in GitHub repository go-gitea/gitea prior to 1.19.4. | |||||
| CVE-2023-0876 | 1 Joomunited | 1 Wp Meta Seo | 2024-02-04 | N/A | 6.1 MEDIUM |
| The WP Meta SEO WordPress plugin before 4.5.3 does not authorize several ajax actions, allowing low-privilege users to make updates to certain data and leading to an arbitrary redirect vulnerability. | |||||
| CVE-2023-29307 | 2024-02-04 | N/A | 5.4 MEDIUM | ||
| Adobe Experience Manager versions 6.5.16.0 (and earlier) is affected by a URL Redirection to Untrusted Site ('Open Redirect') vulnerability. A low-privilege authenticated attacker could leverage this vulnerability to redirect users to malicious websites. Exploitation of this issue requires user interaction. | |||||
| CVE-2022-46407 | 1 Ericsson | 1 Network Manager | 2024-02-04 | N/A | 4.8 MEDIUM |
| Ericsson Network Manager (ENM), versions prior to 22.2, contains a vulnerability in the REST endpoint “editprofile” where Open Redirect HTTP Header Injection can lead to redirection of the submitted request to domain out of control of ENM deployment. The attacker would need admin/elevated access to exploit the vulnerability | |||||
| CVE-2023-29204 | 1 Xwiki | 1 Xwiki | 2024-02-04 | N/A | 6.1 MEDIUM |
| XWiki Commons are technical libraries common to several other top level XWiki projects. It is possible to bypass the existing security measures put in place to avoid open redirect by using a redirect such as `//mydomain.com` (i.e. omitting the `http:`). It was also possible to bypass it when using URL such as `http:/mydomain.com`. The problem has been patched on XWiki 13.10.10, 14.4.4 and 14.8RC1. | |||||