Total
967 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-18897 | 1 Mattermost | 1 Mattermost Server | 2024-02-04 | 5.8 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5, when used as an OAuth 2.0 service provider. It mishandles a deny action for a redirection. | |||||
| CVE-2019-14882 | 1 Moodle | 1 Moodle | 2024-02-04 | 5.8 MEDIUM | 6.1 MEDIUM |
| A vulnerability was found in Moodle 3.7 to 3.7.3, 3.6 to 3.6.7, 3.5 to 3.5.9 and earlier where an open redirect existed in the Lesson edit page. | |||||
| CVE-2020-11663 | 1 Broadcom | 1 Ca Api Developer Portal | 2024-02-04 | 5.8 MEDIUM | 6.1 MEDIUM |
| CA API Developer Portal 4.3.1 and earlier handles 404 requests in an insecure manner, which allows attackers to perform open redirect attacks. | |||||
| CVE-2020-5627 | 1 Yodobashi | 1 Yodobashi | 2024-02-04 | 5.8 MEDIUM | 6.1 MEDIUM |
| Yodobashi App for Android versions 1.8.7 and earlier allows remote attackers to lead a user to access an arbitrary website via the vulnerable App. As a result, the user may become a victim of a phishing attack. | |||||
| CVE-2019-4209 | 1 Hcltech | 1 Connections | 2024-02-04 | 5.8 MEDIUM | 6.1 MEDIUM |
| HCL Connections v5.5, v6.0, and v6.5 contains an open redirect vulnerability which could be exploited by an attacker to conduct phishing attacks. | |||||
| CVE-2020-5733 | 1 Openmrs | 1 Openmrs | 2024-02-04 | 5.8 MEDIUM | 6.1 MEDIUM |
| In OpenMRS 2.9 and prior, the export functionality of the Data Exchange Module does not properly redirect to a login page when an unauthenticated user attempts to access it. This allows the export of potentially sensitive information. | |||||
| CVE-2020-5337 | 1 Rsa | 1 Archer | 2024-02-04 | 5.8 MEDIUM | 6.1 MEDIUM |
| RSA Archer, versions prior to 6.7 P1 (6.7.0.1), contain a URL redirection vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to redirect application users to arbitrary web URLs by tricking the victim users to click on maliciously crafted links. The vulnerability could be used to conduct phishing attacks that cause users to unknowingly visit malicious sites. | |||||
| CVE-2020-11529 | 1 Getgrav | 1 Grav | 2024-02-04 | 5.8 MEDIUM | 6.1 MEDIUM |
| Common/Grav.php in Grav before 1.7 has an Open Redirect. This is partially fixed in 1.6.23 and still present in 1.6.x. | |||||
| CVE-2020-7520 | 1 Schneider-electric | 1 Software Update Utility | 2024-02-04 | 4.0 MEDIUM | 4.7 MEDIUM |
| A CWE-601: URL Redirection to Untrusted Site ('Open Redirect') vulnerability exists in Schneider Electric Software Update (SESU), V2.4.0 and prior, which could cause execution of malicious code on the victim's machine. In order to exploit this vulnerability, an attacker requires privileged access on the engineering workstation to modify a Windows registry key which would divert all traffic updates to go through a server in the attacker's possession. A man-in-the-middle attack is then used to complete the exploit. | |||||
| CVE-2019-6696 | 1 Fortinet | 1 Fortios | 2024-02-04 | 5.8 MEDIUM | 6.1 MEDIUM |
| An improper input validation vulnerability in FortiOS 6.2.1, 6.2.0, 6.0.8 and below until 5.4.0 under admin webUI may allow an attacker to perform an URL redirect attack via a specifically crafted request to the admin initial password change webpage. | |||||
| CVE-2020-12283 | 1 Sourcegraph | 1 Sourcegraph | 2024-02-04 | 5.8 MEDIUM | 6.1 MEDIUM |
| Sourcegraph before 3.15.1 has a vulnerable authentication workflow because of improper validation in the SafeRedirectURL method in cmd/frontend/auth/redirect.go, such as for the //foo//example.com substring. | |||||
| CVE-2020-13121 | 1 Rcos | 1 Submitty | 2024-02-04 | 5.8 MEDIUM | 6.1 MEDIUM |
| Submitty through 20.04.01 has an open redirect via authentication/login?old= during an invalid login attempt. | |||||
| CVE-2019-20901 | 1 Atlassian | 2 Jira, Jira Server | 2024-02-04 | 5.8 MEDIUM | 6.1 MEDIUM |
| The login.jsp resource in Jira before version 8.5.2, and from version 8.6.0 before version 8.6.1 allows remote attackers to redirect users to a different website which they may use as part of performing a phishing attack via an open redirect in the os_destination parameter. | |||||
| CVE-2020-5623 | 1 Nitori | 1 Nitori | 2024-02-04 | 5.8 MEDIUM | 6.1 MEDIUM |
| NITORI App for Android versions 6.0.4 and earlier and NITORI App for iOS versions 6.0.2 and earlier allow remote attackers to lead a user to access an arbitrary website via the vulnerable App. As a result, the user may become a victim of a phishing attack. | |||||
| CVE-2020-3178 | 1 Cisco | 1 Content Security Management Appliance | 2024-02-04 | 5.8 MEDIUM | 6.1 MEDIUM |
| Multiple vulnerabilities in the web-based GUI of Cisco AsyncOS Software for Cisco Content Security Management Appliance (SMA) could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. The vulnerabilities are due to improper input validation of the parameters of an HTTP request. An attacker could exploit these vulnerabilities by intercepting an HTTP request and modifying it to redirect a user to a specific malicious URL. A successful exploit could allow the attacker to redirect a user to a malicious web page or to obtain sensitive browser-based information. This type of attack is commonly referred to as an open redirect attack and is used in phishing attacks to get users to unknowingly visit malicious sites. | |||||
| CVE-2020-15129 | 1 Traefik | 1 Traefik | 2024-02-04 | 4.0 MEDIUM | 4.7 MEDIUM |
| In Traefik before versions 1.7.26, 2.2.8, and 2.3.0-rc3, there exists a potential open redirect vulnerability in Traefik's handling of the "X-Forwarded-Prefix" header. The Traefik API dashboard component doesn't validate that the value of the header "X-Forwarded-Prefix" is a site relative path and will redirect to any header provided URI. Successful exploitation of an open redirect can be used to entice victims to disclose sensitive information. Active Exploitation of this issue is unlikely as it would require active header injection, however the Traefik team addressed this issue nonetheless to prevent abuse in e.g. cache poisoning scenarios. | |||||
| CVE-2020-14454 | 1 Mattermost | 1 Mattermost Desktop | 2024-02-04 | 5.8 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Mattermost Desktop App before 4.4.0. Attackers can open web pages in the desktop application because server redirection is mishandled, aka MMSA-2020-0008. | |||||
| CVE-2020-11034 | 1 Glpi-project | 1 Glpi | 2024-02-04 | 5.8 MEDIUM | 6.1 MEDIUM |
| In GLPI before version 9.4.6, there is a vulnerability that allows bypassing the open redirect protection based which is based on a regexp. This is fixed in version 9.4.6. | |||||
| CVE-2020-3954 | 1 Vmware | 1 Vrealize Log Insight | 2024-02-04 | 5.8 MEDIUM | 6.1 MEDIUM |
| Open Redirect vulnerability exists in VMware vRealize Log Insight prior to 8.1.0 due to improper Input validation. | |||||
| CVE-2020-11882 | 1 Telefonica | 1 O2 Business | 2024-02-04 | 5.8 MEDIUM | 6.1 MEDIUM |
| The O2 Business application 1.2.0 for Android exposes the canvasm.myo2.SplashActivity activity to other applications. The purpose of this activity is to handle deeplinks that can be delivered either via links or by directly calling the activity. However, the deeplink format is not properly validated. This can be abused by an attacker to redirect a user to any page and deliver any content to the user. | |||||