Total: 967 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description
---|---|---|---|---|---|---
CVE-2021-23052 | 1 F5 | 1 Big-ip Access Policy Manager | 2024-02-04 | 5.8 MEDIUM | 6.1 MEDIUM | On version 14.1.x before 14.1.4.4 and all versions of 13.1.x, an open redirect vulnerability exists on virtual servers enabled with a BIG-IP APM access policy. This vulnerability allows an unauthenticated malicious user to build an open redirect URI. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVE-2021-38678 | 1 Qnap | 1 Qcalagent | 2024-02-04 | 5.8 MEDIUM | 6.1 MEDIUM | An open redirect vulnerability has been reported to affect QNAP devices running QcalAgent. If exploited, this vulnerability allows attackers to redirect users to an untrusted page that contains malware. We have already fixed this vulnerability in the following versions of QcalAgent: QcalAgent 1.1.7 and later.
CVE-2022-0122 | 1 Digitalbazaar | 1 Forge | 2024-02-04 | 5.8 MEDIUM | 6.1 MEDIUM | forge is vulnerable to URL Redirection to Untrusted Site.
CVE-2021-43532 | 1 Mozilla | 1 Firefox | 2024-02-04 | 5.8 MEDIUM | 6.1 MEDIUM | The 'Copy Image Link' context menu action would copy the final image URL after redirects. By embedding an image that triggered authentication flows, in conjunction with a Content Security Policy that stopped a redirection chain in the middle, the final image URL could be one that contained an authentication token used to take over a user account. If a website tricked a user into copying and pasting the image link back to the page, the page would be able to steal the authentication tokens. This was fixed by making the action return the original URL, before any redirects. This vulnerability affects Firefox < 94.
CVE-2021-36191 | 1 Fortinet | 1 Fortiweb | 2024-02-04 | 4.9 MEDIUM | 5.4 MEDIUM | A URL redirection to untrusted site ('open redirect') in Fortinet FortiWeb version 6.4.1 and below, 6.3.15 and below allows an attacker to use the device as a proxy via crafted GET parameters in requests to error handlers.
CVE-2021-35205 | 1 Netscout | 1 Ngeniusone | 2024-02-04 | 4.9 MEDIUM | 5.4 MEDIUM | NETSCOUT Systems nGeniusONE version 6.3.0 build 1196 allows URL redirection in redirector.
CVE-2021-25074 | 1 Webp Converter For Media Project | 1 Webp Converter For Media | 2024-02-04 | 5.8 MEDIUM | 6.1 MEDIUM | The WebP Converter for Media WordPress plugin before 4.0.3 contains a file (passthru.php) which does not validate the src parameter before redirecting the user to it, leading to an Open Redirect issue.
CVE-2021-36332 | 1 Dell | 1 Emc Cloud Link | 2024-02-04 | 4.9 MEDIUM | 5.4 MEDIUM | Dell EMC CloudLink 7.1 and all prior versions contain an HTML and JavaScript Injection Vulnerability. A remote low-privileged attacker may potentially exploit this vulnerability, directing end users to arbitrary and potentially malicious websites.
CVE-2021-34764 | 1 Cisco | 3 Firepower Management Center Virtual Appliance, Firepower Threat Defense, Sourcefire Defense Center | 2024-02-04 | 5.8 MEDIUM | 6.1 MEDIUM | Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an attacker to execute a cross-site scripting (XSS) attack or an open redirect attack. For more information about these vulnerabilities, see the Details section of this advisory.
CVE-2021-25028 | 1 Tri | 1 Event Tickets | 2024-02-04 | 5.8 MEDIUM | 6.1 MEDIUM | The Event Tickets WordPress plugin before 5.2.2 does not validate the tribe_tickets_redirect_to parameter before redirecting the user to the given value, leading to an arbitrary redirect issue.
CVE-2021-43812 | 1 Auth0 | 1 Nextjs-auth0 | 2024-02-04 | 5.8 MEDIUM | 6.1 MEDIUM | The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. Versions before 1.6.2 do not filter out certain returnTo parameter values from the login URL, which exposes the application to an open redirect vulnerability. Users are advised to upgrade as soon as possible. There are no known workarounds for this issue.
CVE-2022-23184 | 1 Octopus | 2 Octopus Deploy, Octopus Server | 2024-02-04 | 5.8 MEDIUM | 6.1 MEDIUM | In affected Octopus Server versions, when the server HTTP and HTTPS bindings are configured to localhost, Octopus Server will allow open redirects.
CVE-2021-3989 | 1 Showdoc | 1 Showdoc | 2024-02-04 | 5.8 MEDIUM | 6.1 MEDIUM | showdoc is vulnerable to URL Redirection to Untrusted Site.
CVE-2021-43058 | 1 Replicated | 1 Replicated Classic | 2024-02-04 | 5.8 MEDIUM | 6.1 MEDIUM | An open redirect vulnerability exists in Replicated Classic versions prior to 2.53.1 that could lead to spoofing. To exploit this vulnerability, an attacker could send a link that has a specially crafted URL and convince the user to click the link, redirecting the user to an untrusted site.
CVE-2021-23401 | 1 Flask-user Project | 1 Flask-user | 2024-02-04 | 5.8 MEDIUM | 6.1 MEDIUM | This affects all versions of package Flask-User. When using the make_safe_url function, it is possible to bypass URL validation and redirect a user to an arbitrary URL by providing multiple back slashes such as /////evil.com/path or \\\evil.com/path. This vulnerability is only exploitable if an alternative WSGI server other than Werkzeug is used, or the default behaviour of Werkzeug is modified using 'autocorrect_location_header=False'.
CVE-2021-35037 | 1 Jamf | 1 Jamf | 2024-02-04 | 5.8 MEDIUM | 6.1 MEDIUM | Jamf Pro before 10.30.1 allows for an unvalidated URL redirect vulnerability affecting Jamf Pro customers who host their environments on-premises. An attacker may craft a URL that appears to be for a customer's Jamf Pro instance, but when clicked will forward a user to an arbitrary URL that may be malicious. This is tracked via Jamf with the following ID: PI-009822.
CVE-2021-1397 | 1 Cisco | 48 C125 M5, C125 M5 Firmware, C220 M5 and 45 more | 2024-02-04 | 5.8 MEDIUM | 6.1 MEDIUM | A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability is due to improper input validation of the parameters in an HTTP request. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to redirect a user to a malicious website. This vulnerability is known as an open redirect attack, which is used in phishing attacks to get users to visit malicious sites without their knowledge.
CVE-2021-37699 | 1 Vercel | 1 Next.js | 2024-02-04 | 5.8 MEDIUM | 6.1 MEDIUM | Next.js is an open source website development framework to be used with the React library. In affected versions, specially encoded paths could be used when pages/_error.js was statically generated, allowing an open redirect to occur to an external site. In general, this redirect does not directly harm users, although it can allow for phishing attacks by redirecting to an attacker's domain from a trusted domain. We recommend everyone to upgrade regardless of whether you can reproduce the issue or not. The issue has been patched in release 11.1.0.
CVE-2010-4266 | 1 Vanillaforums | 1 Vanilla Forums | 2024-02-04 | 5.8 MEDIUM | 6.1 MEDIUM | A potential linkbait vulnerability was found in the dispatcher of Vanilla Forums before 2.0.10.
CVE-2021-24288 | 1 Acymailing | 1 Acymailing | 2024-02-04 | 5.8 MEDIUM | 6.1 MEDIUM | When subscribing using AcyMailing, the 'redirect' parameter isn't properly sanitized. Turning the request from POST to GET, an attacker can craft a link containing a potentially malicious landing page and send it to the victim.