Total
966 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-3639 | 1 Uninett | 1 Mod Auth Mellon | 2024-02-04 | N/A | 6.1 MEDIUM |
| A flaw was found in mod_auth_mellon where it does not sanitize logout URLs properly. This issue could be used by an attacker to facilitate phishing attacks by tricking users into visiting a trusted web application URL that redirects to an external and potentially malicious server. The highest threat from this liability is to confidentiality and integrity. | |||||
| CVE-2022-33712 | 2 Google, Samsung | 2 Android, Camera | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
| Intent redirection vulnerability using implict intent in Camera prior to versions 12.0.01.64 ,12.0.3.23, 12.0.0.98, 12.0.6.11, 12.0.3.19 in Android S(12) allows attacker to get sensitive information. | |||||
| CVE-2022-38131 | 1 Rstudio | 1 Connect | 2024-02-04 | N/A | 6.1 MEDIUM |
| RStudio Connect prior to 2023.01.0 is affected by an Open Redirect issue. The vulnerability could allow an attacker to redirect users to malicious websites. | |||||
| CVE-2022-25295 | 1 Getgophish | 1 Gophish | 2024-02-04 | N/A | 5.4 MEDIUM |
| This affects the package github.com/gophish/gophish before 0.12.0. The Open Redirect vulnerability exists in the next query parameter. The application uses url.Parse(r.FormValue("next")) to extract path and eventually redirect user to a relative URL, but if next parameter starts with multiple backslashes like \\\\\\example.com, browser will redirect user to http://example.com. | |||||
| CVE-2022-30706 | 1 Twinkletoessoftware | 1 Booked | 2024-02-04 | N/A | 6.1 MEDIUM |
| Open redirect vulnerability in Booked versions prior to 3.3 allows a remote unauthenticated attacker to redirect a user to an arbitrary web site and conduct a phishing attack by having a user to access a specially crafted URL. | |||||
| CVE-2022-41215 | 1 Sap | 1 Netweaver Application Server Abap | 2024-02-04 | N/A | 4.7 MEDIUM |
| SAP NetWeaver ABAP Server and ABAP Platform allows an unauthenticated attacker to redirect users to a malicious site due to insufficient URL validation. This could lead to the user being tricked to disclose personal information. | |||||
| CVE-2022-3280 | 1 Gitlab | 1 Gitlab | 2024-02-04 | N/A | 6.1 MEDIUM |
| An open redirect in GitLab CE/EE affecting all versions from 10.1 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows an attacker to trick users into visiting a trustworthy URL and being redirected to arbitrary content. | |||||
| CVE-2022-41260 | 1 Sap | 1 Financial Consolidation | 2024-02-04 | N/A | 6.1 MEDIUM |
| SAP Financial Consolidation - version 1010, does not sufficiently encode user-controlled input which may allow an unauthenticated attacker to inject a web script via a GET request. On successful exploitation, an attacker can view or modify information causing a limited impact on confidentiality and integrity of the application. | |||||
| CVE-2022-30562 | 1 Dahuasecurity | 80 Asi7213x, Asi7213x-t1, Asi7213x-t1 Firmware and 77 more | 2024-02-04 | 4.0 MEDIUM | 4.7 MEDIUM |
| If the user enables the https function on the device, an attacker can modify the user’s request data packet through a man-in-the-middle attack ,Injection of a malicious URL in the Host: header of the HTTP Request results in a 302 redirect to an attacker-controlled page. | |||||
| CVE-2022-29718 | 1 Caddyserver | 1 Caddy | 2024-02-04 | 5.8 MEDIUM | 6.1 MEDIUM |
| Caddy v2.4 was discovered to contain an open redirect vulnerability. A remote unauthenticated attacker may exploit this vulnerability to redirect users to arbitrary web URLs by tricking the victim users to click on crafted links. | |||||
| CVE-2022-29272 | 1 Nagios | 1 Nagios Xi | 2024-02-04 | 5.8 MEDIUM | 6.1 MEDIUM |
| In Nagios XI through 5.8.5, an open redirect vulnerability exists in the login function that could lead to spoofing. | |||||
| CVE-2021-25111 | 1 English Wordpress Admin Project | 1 English Wordpress Admin | 2024-02-04 | 5.8 MEDIUM | 6.1 MEDIUM |
| The English WordPress Admin WordPress plugin before 1.5.2 does not validate the admin_custom_language_return_url before redirecting users o it, leading to an open redirect issue | |||||
| CVE-2022-28215 | 1 Sap | 1 Netweaver Abap | 2024-02-04 | 4.3 MEDIUM | 4.7 MEDIUM |
| SAP NetWeaver ABAP Server and ABAP Platform - versions 740, 750, 787, allows an unauthenticated attacker to redirect users to a malicious site due to insufficient URL validation. This could lead to the user being tricked to disclose personal information. | |||||
| CVE-2022-24858 | 1 Nextauth.js | 1 Next-auth | 2024-02-04 | 5.8 MEDIUM | 6.1 MEDIUM |
| next-auth v3 users before version 3.29.2 are impacted. next-auth version 4 users before version 4.3.2 are also impacted. Upgrading to 3.29.2 or 4.3.2 will patch this vulnerability. If you are not able to upgrade for any reason, you can add a configuration to your callbacks option. If you already have a `redirect` callback, make sure that you match the incoming `url` origin against the `baseUrl`. | |||||
| CVE-2022-0165 | 1 King-theme | 1 Kingcomposer | 2024-02-04 | 5.8 MEDIUM | 6.1 MEDIUM |
| The Page Builder KingComposer WordPress plugin through 2.9.6 does not validate the id parameter before redirecting the user to it via the kc_get_thumbn AJAX action available to both unauthenticated and authenticated users | |||||
| CVE-2022-26158 | 1 Cherwell | 1 Cherwell Service Management | 2024-02-04 | 5.8 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in the web application in Cherwell Service Management (CSM) 10.2.3. It accepts and reflects arbitrary domains supplied via a client-controlled Host header. Injection of a malicious URL in the Host: header of the HTTP Request results in a 302 redirect to an attacker-controlled page. | |||||
| CVE-2022-24330 | 1 Jetbrains | 1 Teamcity | 2024-02-04 | 5.8 MEDIUM | 6.1 MEDIUM |
| In JetBrains TeamCity before 2021.2.1, a redirection to an external site was possible. | |||||
| CVE-2022-27110 | 1 Orangehrm | 1 Orangehrm | 2024-02-04 | 4.9 MEDIUM | 5.4 MEDIUM |
| OrangeHRM 4.10 is vulnerable to a Host header injection redirect via viewPersonalDetails endpoint. | |||||
| CVE-2022-24969 | 1 Apache | 1 Dubbo | 2024-02-04 | 5.8 MEDIUM | 6.1 MEDIUM |
| bypass CVE-2021-25640 > In Apache Dubbo prior to 2.6.12 and 2.7.15, the usage of parseURL method will lead to the bypass of the white host check which can cause open redirect or SSRF vulnerability. | |||||
| CVE-2022-27090 | 1 Chshcms | 1 Cscms | 2024-02-04 | 4.9 MEDIUM | 5.4 MEDIUM |
| Cscms Music Portal System v4.2 was discovered to contain a redirection vulnerability via the backurl parameter. | |||||