Vulnerabilities (CVE)

Filtered by CWE-601
Total 967 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-45408 1 Seeddms 1 Seeddms 2024-02-04 5.8 MEDIUM 6.1 MEDIUM
Open Redirect vulnerability exists in SeedDMS 6.0.15 in out.Login.php, which allows remote malicious users to redirect users to malicious sites using the "referuri" parameter.
CVE-2021-41826 1 Place 1 Placeos Authentication 2024-02-04 5.8 MEDIUM 6.1 MEDIUM
PlaceOS Authentication Service before 1.29.10.0 allows app/controllers/auth/sessions_controller.rb open redirect.
CVE-2021-20806 1 Cybozu 1 Remote Service Manager 2024-02-04 5.8 MEDIUM 6.1 MEDIUM
Open redirect vulnerability in Cybozu Remote Service 3.0.0 to 3.1.9 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
CVE-2022-21651 1 Shopware 1 Shopware 2024-02-04 5.8 MEDIUM 6.1 MEDIUM
Shopware is an open source e-commerce software platform. An open redirect vulnerability has been discovered. Users may be arbitrarily redirected due to incomplete URL handling in the shopware router. This issue has been resolved in version 5.7.7. There is no workaround and users are advised to upgrade as soon as possible.
CVE-2021-32805 1 Flask-appbuilder Project 1 Flask-appbuilder 2024-02-04 5.8 MEDIUM 6.1 MEDIUM
Flask-AppBuilder is an application development framework, built on top of Flask. In affected versions, if using Flask-AppBuilder OAuth, an attacker can share a carefully crafted URL with a trusted domain for an application built with Flask-AppBuilder; this URL can redirect a user to a malicious site. This is an open redirect vulnerability. To resolve this issue upgrade to Flask-AppBuilder 3.2.2 or above. If upgrading is infeasible, users may filter HTTP traffic containing `?next={next-site}` where the `next-site` domain is different from the application you are protecting as a workaround.
CVE-2021-20031 1 Sonicwall 59 Nsa 2650, Nsa 2700, Nsa 3650 and 56 more 2024-02-04 5.8 MEDIUM 6.1 MEDIUM
A Host Header Redirection vulnerability in SonicOS potentially allows a remote attacker to redirect firewall management users to arbitrary web domains.
CVE-2021-43777 1 Redash 1 Redash 2024-02-04 5.8 MEDIUM 6.1 MEDIUM
Redash is a package for data visualization and sharing. In Redash version 10.0 and prior, the implementation of Google Login (via OAuth) incorrectly uses the `state` parameter to pass the next URL to redirect the user to after login. The `state` parameter should be used for a Cross-Site Request Forgery (CSRF) token, not a static and easily predicted value. This vulnerability does not affect users who do not use Google Login for their instance of Redash. A patch in the `master` and `release/10.x.x` branches addresses this by replacing `Flask-Oauthlib` with `Authlib` which automatically provides and validates a CSRF token for the state variable. The new implementation stores the next URL on the user session object. As a workaround, one may disable Google Login to mitigate the vulnerability.
CVE-2021-20875 1 Groupsession 1 Groupsession 2024-02-04 5.8 MEDIUM 6.1 MEDIUM
Open redirect vulnerability in GroupSession Free edition ver5.1.1 and earlier, GroupSession byCloud ver5.1.1 and earlier, and GroupSession ZION ver5.1.1 and earlier allows a remote unauthenticated attacker to redirect users to arbitrary web sites and conduct phishing attacks by having a user access a specially crafted URL.
CVE-2021-42564 1 Cryptshare 1 Cryptshare Server 2024-02-04 4.9 MEDIUM 5.4 MEDIUM
An open redirect through HTML injection in confidential messages in Cryptshare before 5.1.0 allows remote attackers (with permission to provide confidential messages via Cryptshare) to redirect targeted victims to any URL via the '<meta http-equiv="refresh"' substring in the editor parameter.
CVE-2021-45328 1 Gitea 1 Gitea 2024-02-04 5.8 MEDIUM 6.1 MEDIUM
Gitea before 1.4.3 is affected by URL Redirection to Untrusted Site ('Open Redirect') via internal URLs.
CVE-2021-40852 1 Tcman 1 Gim 2024-02-04 5.8 MEDIUM 6.1 MEDIUM
TCMAN GIM is affected by an open redirect vulnerability. This vulnerability allows the redirection of user navigation to pages controlled by the attacker. The exploitation of this vulnerability might allow a remote attacker to obtain information.
CVE-2021-22963 1 Fastify 1 Fastify-static 2024-02-04 5.8 MEDIUM 6.1 MEDIUM
A redirect vulnerability in the fastify-static module version < 4.2.4 allows remote attackers to redirect users to arbitrary websites via a double slash // followed by a domain: http://localhost:3000//google.com/%2e%2e. The issue shows up on all the fastify-static applications that set the redirect: true option. By default, it is false.
CVE-2021-23435 1 Thoughtbot 1 Clearance 2024-02-04 5.8 MEDIUM 6.1 MEDIUM
This affects the package clearance before 2.5.0. The vulnerability can be possible when users are able to set the value of session[:return_to]. If the value used for return_to contains multiple leading slashes (/////example.com) the user ends up being redirected to the external domain that comes after the slashes (http://example.com).
CVE-2021-4000 1 Showdoc 1 Showdoc 2024-02-04 5.8 MEDIUM 6.1 MEDIUM
showdoc is vulnerable to URL Redirection to Untrusted Site.
CVE-2021-34772 1 Cisco 1 Orbital 2024-02-04 5.8 MEDIUM 6.1 MEDIUM
A vulnerability in the web-based management interface of Cisco Orbital could allow an unauthenticated, remote attacker to redirect users to a malicious webpage. This vulnerability is due to improper validation of URL paths in the web-based management interface. An attacker could exploit this vulnerability by persuading a user to click a crafted URL. A successful exploit could allow the attacker to redirect a user to a malicious website. This vulnerability, known as an open redirect attack, is used in phishing attacks to persuade users to visit malicious sites.
CVE-2022-22919 1 Adenza 1 Axiomsl Controllerview 2024-02-04 5.8 MEDIUM 6.1 MEDIUM
Adenza AxiomSL ControllerView through 10.8.1 allows redirection for SSO login URLs.
CVE-2022-23599 1 Plone 1 Plone 2024-02-04 2.6 LOW 6.1 MEDIUM
Products.ATContentTypes are the core content types for Plone 2.1 - 4.3. Versions of Plone that are dependent on Products.ATContentTypes prior to version 3.0.6 are vulnerable to reflected cross site scripting and open redirect when an attacker can get a compromised version of the image_view_fullscreen page in a cache, for example in Varnish. The technique is known as cache poisoning. Any later visitor can get redirected when clicking on a link on this page. Usually only anonymous users are affected, but this depends on the user's cache settings. Version 3.0.6 of Products.ATContentTypes has been released with a fix. This version works on Plone 5.2, Python 2 only. As a workaround, make sure the image_view_fullscreen page is not stored in the cache. More information about the vulnerability and mitigation measures is available in the GitHub Security Advisory.
CVE-2021-3829 1 Openwhyd 1 Openwhyd 2024-02-04 5.8 MEDIUM 6.1 MEDIUM
openwhyd is vulnerable to URL Redirection to Untrusted Site.
CVE-2021-24838 1 Bologer 1 Anycomment 2024-02-04 5.8 MEDIUM 6.1 MEDIUM
The AnyComment WordPress plugin before 0.3.5 has an API endpoint which passes user input via the redirect parameter to the wp_redirect() function without being validated first, leading to an Open Redirect issue, which according to the vendor, is a feature.
CVE-2021-22526 1 Microfocus 1 Access Manager 2024-02-04 5.8 MEDIUM 6.1 MEDIUM
Open Redirection vulnerability in NetIQ Access Manager prior to 5.0.1 and 4.5.4.