Vulnerabilities (CVE)

Filtered by CWE-601
Total 966 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-31040 1 Maykinmedia 1 Open Forms 2024-02-04 5.8 MEDIUM 6.1 MEDIUM
Open Forms is an application for creating and publishing smart forms. Prior to versions 1.0.9 and 1.1.1, the cookie consent page in Open Forms contains an open redirect: a `referer` querystring parameter can be injected and its value is not validated. A malicious actor is able to redirect users to a website under their control, opening them up to phishing attacks. The redirect is initiated by the Open Forms backend, which is a legitimate page, making it less obvious to end users that they are being redirected to a malicious website. Versions 1.0.9 and 1.1.1 contain patches for this issue. There are no known workarounds available.
CVE-2022-1233 1 Uri.js Project 1 Uri.js 2024-02-04 5.8 MEDIUM 6.1 MEDIUM
URL Confusion When Scheme Not Supplied in GitHub repository medialize/uri.js prior to 1.19.11.
CVE-2022-0645 1 Posthog 1 Posthog 2024-02-04 5.8 MEDIUM 6.1 MEDIUM
Open redirect vulnerability via endpoint authorize_and_redirect/?redirect= in GitHub repository posthog/posthog prior to 1.34.1.
CVE-2022-24794 1 Auth0 1 Express Openid Connect 2024-02-04 5.8 MEDIUM 6.1 MEDIUM
Express OpenID Connect is an Express JS middleware implementing sign on for Express web apps using OpenID Connect. Users of the `requiresAuth` middleware, either directly or through the default `authRequired` option, are vulnerable to an Open Redirect when the middleware is applied to a catch all route. If all routes under `example.com` are protected with the `requiresAuth` middleware, a visit to `http://example.com//google.com` will be redirected to `google.com` after login because the original url reported by the Express framework is not properly sanitized. This vulnerability affects versions prior to 2.7.2. Users are advised to upgrade. There are no known workarounds.
CVE-2021-23495 1 Karma Project 1 Karma 2024-02-04 5.8 MEDIUM 6.1 MEDIUM
The package karma before 6.3.16 is vulnerable to Open Redirect due to missing validation of the `return_url` query parameter.
CVE-2022-0597 1 Microweber 1 Microweber 2024-02-04 5.8 MEDIUM 6.1 MEDIUM
Open Redirect in Packagist microweber/microweber prior to 1.2.11.
CVE-2022-0868 1 Uri.js Project 1 Uri.js 2024-02-04 5.8 MEDIUM 6.1 MEDIUM
Open Redirect in GitHub repository medialize/uri.js prior to 1.19.10.
CVE-2022-32444 1 Yuba 1 U5cms 2024-02-04 5.8 MEDIUM 6.1 MEDIUM
An issue was discovered in u5cms version 8.3.5. There is a URL redirection vulnerability that can cause a user's browser to be redirected to another site via /loginsave.php.
CVE-2021-25033 1 Noptin 1 Noptin 2024-02-04 5.8 MEDIUM 6.1 MEDIUM
The Noptin Newsletter WordPress plugin before 1.6.5 does not validate the `to` parameter before redirecting the user to its given value, leading to an open redirect issue.
CVE-2022-2252 1 Microweber 1 Microweber 2024-02-04 5.8 MEDIUM 6.1 MEDIUM
Open Redirect in GitHub repository microweber/microweber prior to 1.2.19.
CVE-2022-27109 1 Orangehrm 1 Orangehrm 2024-02-04 4.9 MEDIUM 5.4 MEDIUM
OrangeHRM 4.10 suffers from a Referer header injection redirect vulnerability.
CVE-2020-25154 1 Bbraun 2 Datamodule Compactplus, Spacecom 2024-02-04 5.8 MEDIUM 6.1 MEDIUM
An open redirect vulnerability in the administrative interface of the B. Braun Melsungen AG SpaceCom device Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 allows attackers to redirect users to malicious websites.
CVE-2022-33146 1 Web2py 1 Web2py 2024-02-04 5.8 MEDIUM 6.1 MEDIUM
Open redirect vulnerability in web2py versions prior to 2.22.5 allows a remote attacker to redirect a user to an arbitrary web site and conduct a phishing attack by having a user access a specially crafted URL.
CVE-2021-22964 1 Fastify 1 Fastify-static 2024-02-04 6.8 MEDIUM 8.8 HIGH
A redirect vulnerability in the `fastify-static` module version >= 4.2.4 and < 4.4.1 allows remote attackers to redirect Mozilla Firefox users to arbitrary websites via a double slash `//` followed by a domain: `http://localhost:3000//a//youtube.com/%2e%2e%2f%2e%2e`. A DoS vulnerability is possible if the URL contains invalid characters: `curl --path-as-is "http://localhost:3000//^/.."`. The issue shows up on all `fastify-static` applications that set the `redirect: true` option; by default it is `false`.
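The Express OpenID Connect entry (`//google.com` captured from a catch-all route and replayed after login) and the `fastify-static` entry (`//a//youtube.com/%2e%2e%2f%2e%2e` echoed into a redirect) both come down to the same mistake: an attacker-influenced path is placed in a Location header without checking that it still names a same-origin destination. The following is an added example, not code from either project or from any project listed on this page, of the check a practitioner would put in front of such a redirect (it also covers the `return_url`, `redirect`, `referer` and `to` parameter cases elsewhere in this listing). `APP_ORIGIN`, the function name `safeReturnTo` and the sample inputs are assumptions made for illustration.

```javascript
// Added example, not code from express-openid-connect, fastify-static or any
// project on this page. Validates a user-supplied "return to" value so that only
// a same-origin, path-only destination ever reaches a Location header.
// Node >= 10: the WHATWG URL class is a global, so no imports are needed.

const APP_ORIGIN = 'https://example.com'; // assumed application origin

function safeReturnTo(target, fallback = '/') {
  if (typeof target !== 'string' || target === '') return fallback;

  // Tab, CR and LF are silently stripped by the URL parser, so "/\n//evil.com"
  // would otherwise parse as "//evil.com". Backslashes count as slashes in
  // special schemes, so "/\evil.com" would resolve off-origin. Reject both
  // classes before parsing rather than relying on the parser.
  if (/[\u0000-\u001f\u007f\\]/.test(target)) return fallback;

  // Only path-style targets are acceptable. "https://..." and "javascript:"
  // fail here; a scheme-relative "//host" passes and is caught below.
  if (!target.startsWith('/')) return fallback;

  let resolved;
  try {
    resolved = new URL(target, APP_ORIGIN);
  } catch (_err) {
    return fallback;
  }

  // Resolving against our own origin must keep us on our own origin.
  // "//google.com" resolves to "https://google.com/" and is rejected here.
  if (resolved.origin !== APP_ORIGIN) return fallback;

  // Emit the normalized form: dot segments, including "%2e%2e", are collapsed
  // by the parser, so "/%2e%2e/%2e%2e/admin" becomes "/admin".
  const path = resolved.pathname + resolved.search + resolved.hash;

  // Normalization can itself produce a leading "//" (e.g. "/..//evil.com"
  // normalizes to "//evil.com"), which a browser reads as a scheme-relative
  // URL when it appears in a Location header. Check the output, not the input.
  if (path.startsWith('//')) return fallback;

  return path;
}

// Constructed sample inputs mirroring the catch-all-route case above:
// safeReturnTo('//google.com')          -> '/'
// safeReturnTo('/account?tab=1#x')      -> '/account?tab=1#x'
// safeReturnTo('/%2e%2e/%2e%2e/admin')  -> '/admin'
// safeReturnTo('/..//evil.com')         -> '/'
```

The order matters: reject raw control characters and backslashes first, parse against the application's own origin, compare origins, and only then re-check the normalized string, because the parser's own dot-segment handling can manufacture a `//` prefix that was not present in the input. The check is deliberately conservative and also refuses an absolute URL on the application's own origin; if that is needed, compare `resolved.origin` and return the path as above instead of loosening the leading-slash test.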
CVE-2022-23102 1 Siemens 1 Sinema Remote Connect Server 2024-02-04 5.8 MEDIUM 6.1 MEDIUM
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2.0). Affected products contain an open redirect vulnerability. An attacker could trick a valid authenticated user of the device into clicking a malicious link, thereby leading to phishing attacks.
CVE-2021-41733 1 Oppia 1 Oppia 2024-02-04 5.8 MEDIUM 6.1 MEDIUM
Oppia 3.1.4 does not verify that certain URLs are valid before navigating to them.
CVE-2021-43064 1 Fortinet 1 Fortiweb 2024-02-04 5.8 MEDIUM 6.1 MEDIUM
A url redirection to untrusted site ('open redirect') in Fortinet FortiWeb version 6.4.1 and 6.4.0, version 6.3.15 and below, version 6.2.6 and below allows attacker to use the device as a proxy and reach external or protected hosts via redirection handlers.
CVE-2021-3851 1 Firefly-iii 1 Firefly Iii 2024-02-04 4.9 MEDIUM 5.4 MEDIUM
firefly-iii is vulnerable to URL Redirection to Untrusted Site.
CVE-2020-18985 1 Synacor 1 Zimbra Collaboration Suite 2024-02-04 5.8 MEDIUM 6.1 MEDIUM
An issue in /domain/service/.ewell-known/caldav of Zimbra Collaboration 8.8.12 allows attackers to redirect users to any arbitrary website of their choosing.
CVE-2021-45408 1 Seeddms 1 Seeddms 2024-02-04 5.8 MEDIUM 6.1 MEDIUM
Open Redirect vulnerability exists in SeedDMS 6.0.15 in out.Login.php, which allows remote malicious users to redirect users to malicious sites using the "referuri" parameter.