Total
966 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-0637 | 1 Mozilla | 1 Pollbot | 2024-02-04 | N/A | 6.1 MEDIUM |
| open redirect in pollbot (pollbot.services.mozilla.com) in versions before 1.4.6 | |||||
| CVE-2022-38662 | 1 Hcltech | 1 Hcl Digital Experience | 2024-02-04 | N/A | 6.1 MEDIUM |
| In HCL Digital Experience, URLs can be constructed to redirect users to untrusted sites. | |||||
| CVE-2023-22797 | 2 Actionpack Project, Rubyonrails | 2 Actionpack, Rails | 2024-02-04 | N/A | 6.1 MEDIUM |
| An open redirect vulnerability is fixed in Rails 7.0.4.1 with the new protection against open redirects from calling redirect_to with untrusted user input. In prior versions the developer was fully responsible for only providing trusted input. However the check introduced could allow an attacker to bypass with a carefully crafted URL resulting in an open redirect vulnerability. | |||||
| CVE-2022-4644 | 2024-02-04 | N/A | 6.1 MEDIUM | ||
| Open Redirect in GitHub repository ikus060/rdiffweb prior to 2.5.4. | |||||
| CVE-2022-37927 | 1 Hpe | 1 Oneview Global Dashboard | 2024-02-04 | N/A | 6.1 MEDIUM |
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Hewlett Packard Enterprise HPE OneView Global Dashboard (OVGD). | |||||
| CVE-2022-3614 | 1 Octopus | 1 Octopus Server | 2024-02-04 | N/A | 6.1 MEDIUM |
| In affected versions of Octopus Deploy users of certain browsers using AD to sign-in to Octopus Server were able to bypass authentication checks and be redirected to the configured redirect url without any validation. | |||||
| CVE-2023-0748 | 1 Btcpayserver | 1 Btcpayserver | 2024-02-04 | N/A | 6.1 MEDIUM |
| Open Redirect in GitHub repository btcpayserver/btcpayserver prior to 1.7.6. | |||||
| CVE-2022-38779 | 1 Elastic | 1 Kibana | 2024-02-04 | N/A | 6.1 MEDIUM |
| An open redirect issue was discovered in Kibana that could lead to a user being redirected to an arbitrary website if they use a maliciously crafted Kibana URL. | |||||
| CVE-2021-4260 | 2024-02-04 | N/A | 6.1 MEDIUM | ||
| A vulnerability was found in oils-js. It has been declared as critical. This vulnerability affects unknown code of the file core/Web.js. The manipulation leads to open redirect. The attack can be initiated remotely. The name of the patch is fad8fbae824a7d367dacb90d56cb02c5cb999d42. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-216268. | |||||
| CVE-2022-38657 | 1 Hcltech | 1 Hcl Leap | 2024-02-04 | N/A | 5.4 MEDIUM |
| An open redirect to malicious sites can occur when accessing the "Feedback" action on the manager page. | |||||
| CVE-2023-23855 | 1 Sap | 1 Solution Manager | 2024-02-04 | N/A | 5.4 MEDIUM |
| SAP Solution Manager - version 720, allows an authenticated attacker to redirect users to a malicious site due to insufficient URL validation. A successful attack could lead an attacker to read or modify the information or expose the user to a phishing attack. As a result, it has a low impact to confidentiality, integrity and availability. | |||||
| CVE-2022-2837 | 1 Coredns.io | 1 Coredns | 2024-02-04 | N/A | 6.1 MEDIUM |
| A flaw was found in coreDNS. This flaw allows a malicious user to redirect traffic intended for external top-level domains (TLD) to a pod they control by creating projects and namespaces that match the TLD. | |||||
| CVE-2022-4496 | 2024-02-04 | N/A | 6.1 MEDIUM | ||
| The SAML SSO Standard WordPress plugin version 16.0.0 before 16.0.8, SAML SSO Premium WordPress plugin version 12.0.0 before 12.1.0 and SAML SSO Premium Multisite WordPress plugin version 20.0.0 before 20.0.7 does not validate that the redirect parameter to its SSO login endpoint points to an internal site URL, making it vulnerable to an Open Redirect issue when the user is already logged in. | |||||
| CVE-2022-41965 | 1 Apereo | 1 Opencast | 2024-02-04 | N/A | 6.1 MEDIUM |
| Opencast is a free, open-source platform to support the management of educational audio and video content. Prior to Opencast 12.5, Opencast's Paella authentication page could be used to redirect to an arbitrary URL for authenticated users. The vulnerability allows attackers to redirect users to sites outside of one's Opencast install, potentially facilitating phishing attacks or other security issues. This issue is fixed in Opencast 12.5 and newer. | |||||
| CVE-2022-38201 | 1 Esri | 1 Arcgis Quickcapture | 2024-02-04 | N/A | 6.1 MEDIUM |
| An unvalidated redirect vulnerability exists in Esri Portal for ArcGIS Quick Capture Web Designer versions 10.8.1 to 10.9.1. A remote, unauthenticated attacker can potentially induce an unsuspecting authenticated user to access an an attacker controlled domain. | |||||
| CVE-2021-29864 | 1 Ibm | 1 Security Identity Manager | 2024-02-04 | N/A | 6.1 MEDIUM |
| IBM Security Identity Manager 6.0 and 6.0.2 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 206089 | |||||
| CVE-2022-25803 | 1 Bestpractical | 1 Request Tracker | 2024-02-04 | N/A | 6.1 MEDIUM |
| Best Practical Request Tracker (RT) before 5.0.3 has an Open Redirect via a ticket search. | |||||
| CVE-2022-41207 | 1 Sap | 1 Biller Direct | 2024-02-04 | N/A | 6.1 MEDIUM |
| SAP Biller Direct allows an unauthenticated attacker to craft a legitimate looking URL. When clicked by an unsuspecting victim, it will use an unsensitized parameter to redirect the victim to a malicious site of the attacker's choosing which can result in disclosure or modification of the victim's information. | |||||
| CVE-2022-25799 | 1 Cert | 1 Vince | 2024-02-04 | N/A | 6.1 MEDIUM |
| An open redirect vulnerability exists in CERT/CC VINCE software prior to 1.5.0. An attacker could send a link that has a specially crafted URL and convince the user to click the link. When an authenticated user clicks the link, the authenticated user's browser could be redirected to a malicious site that is designed to impersonate a legitimate website. The attacker could trick the user and potentially acquire sensitive information such as the user's credentials. | |||||
| CVE-2022-43985 | 1 Apache | 1 Airflow | 2024-02-04 | N/A | 6.1 MEDIUM |
| In Apache Airflow versions prior to 2.4.2, there was an open redirect in the webserver's `/confirm` endpoint. | |||||