Vulnerabilities (CVE)

Filtered by CWE-601
Total 977 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2016-4075 1 Opera 2 Opera Browser, Opera Mini 2024-02-04 5.8 MEDIUM 6.1 MEDIUM
Opera Mini 13 and Opera Stable 36 allow remote attackers to spoof the displayed URL via a crafted HTML document, related to the about:blank URL.
CVE-2017-1159 1 Ibm 1 Business Process Manager 2024-02-04 4.9 MEDIUM 5.4 MEDIUM
IBM Business Process Manager 8.0 and 8.5 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 122891.
CVE-2017-3799 1 Cisco 1 Webex Meeting Center 2024-02-04 5.8 MEDIUM 5.4 MEDIUM
A vulnerability in a URL parameter of Cisco WebEx Meeting Center could allow an unauthenticated, remote attacker to perform site redirection. More Information: CSCzu78401. Known Affected Releases: T28.1.
CVE-2017-9062 2 Debian, Wordpress 2 Debian Linux, Wordpress 2024-02-04 5.0 MEDIUM 8.6 HIGH
In WordPress before 4.7.5, there is improper handling of post meta data values in the XML-RPC API.
CVE-2017-1156 1 Ibm 1 Websphere Portal 2024-02-04 6.8 MEDIUM 8.8 HIGH
IBM WebSphere Portal 8.5 and 9.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force. ID: 122592
CVE-2016-10315 1 Jensenofscandinavia 6 Al3g, Al3g Firmware, Al5000ac and 3 more 2024-02-04 5.8 MEDIUM 6.1 MEDIUM
Jensen of Scandinavia AS Air:Link 3G (AL3G) version 2.23m (Rev. 3), Air:Link 5000AC (AL5000AC) version 1.13, and Air:Link 59300 (AL59300) version 1.04 (Rev. 4) devices allow remote attackers to conduct Open Redirect attacks via the submit-url parameter to certain /goform/* pages.
CVE-2017-5571 1 Flexerasoftware 1 Flexnet Publisher 2024-02-04 5.8 MEDIUM 6.1 MEDIUM
Open redirect vulnerability in the lmadmin component in Flexera FlexNet Publisher (aka Flex License Manager) 11.14.1 and earlier, as used in Citrix License Server for Windows and the Citrix License Server VPX, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
CVE-2016-4604 1 Apple 2 Iphone Os, Safari 2024-02-04 5.8 MEDIUM 5.4 MEDIUM
Safari in Apple iOS before 9.3.3 allows remote attackers to spoof the displayed URL via an HTTP response specifying redirection to an invalid TCP port number.
CVE-2016-0928 1 Pivotal 1 Cloud Foundry Elastic Runtime 2024-02-04 5.8 MEDIUM 7.4 HIGH
Multiple open redirect vulnerabilities in Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.6.30 and 1.7.x before 1.7.8 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
CVE-2016-5977 1 Ibm 1 Tealeaf Customer Experience 2024-02-04 4.9 MEDIUM 6.8 MEDIUM
Open redirect vulnerability in the web portal in IBM Tealeaf Customer Experience before 8.7.1.8847 FP10, 8.8 before 8.8.0.9049 FP9, 9.0.0 and 9.0.1 before 9.0.1.1117 FP5, 9.0.1A before 9.0.1.5108_9.0.1A FP5, 9.0.2 before 9.0.2.1223 FP3, and 9.0.2A before 9.0.2.5224_9.0.2A FP3 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
CVE-2016-6636 2 Cloudfoundry, Pivotal Software 5 Cloud Foundry Uaa Bosh, Cloud Foundry, Cloud Foundry Elastic Runtime and 2 more 2024-02-04 5.0 MEDIUM 5.3 MEDIUM
The OAuth authorization implementation in Pivotal Cloud Foundry (PCF) before 242; UAA 2.x before 2.7.4.7, 3.x before 3.3.0.5, and 3.4.x before 3.4.4; UAA BOSH before 11.5 and 12.x before 12.5; Elastic Runtime before 1.6.40, 1.7.x before 1.7.21, and 1.8.x before 1.8.1; and Ops Manager 1.7.x before 1.7.13 and 1.8.x before 1.8.1 mishandles redirect_uri subdomains, which allows remote attackers to obtain implicit access tokens via a modified subdomain.
CVE-2016-3040 1 Ibm 1 Security Privileged Identity Manager Virtual Appliance 2024-02-04 4.9 MEDIUM 6.8 MEDIUM
IBM WebSphere Application Server (WAS) Liberty, as used in IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x before 2.0.2 FP8, allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
CVE-2016-5878 1 Ibm 1 Filenet Workplace 2024-02-04 4.9 MEDIUM 6.8 MEDIUM
Open redirect vulnerability in IBM FileNet Workplace 4.0.2 before 4.0.2.14 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
CVE-2016-0204 1 Ibm 1 Cloud Orchestrator 2024-02-04 5.8 MEDIUM 6.8 MEDIUM
Open redirect vulnerability in IBM Cloud Orchestrator 2.4.x before 2.4.0 FP3 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
CVE-2016-1000001 1 Flask-oidc Project 1 Flask-oidc 2024-02-04 5.8 MEDIUM 7.4 HIGH
flask-oidc version 0.1.2 and earlier is vulnerable to an open redirect
CVE-2023-45105 1 Servit 1 Affiliate-toolkit - Wordpress Affiliate 2024-02-03 N/A 6.1 MEDIUM
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in SERVIT Software Solutions affiliate-toolkit – WordPress Affiliate Plugin.This issue affects affiliate-toolkit – WordPress Affiliate Plugin: from n/a through 3.3.9.
CVE-2021-22942 1 Rubyonrails 1 Rails 2024-02-02 5.8 MEDIUM 6.1 MEDIUM
A possible open redirect vulnerability in the Host Authorization middleware in Action Pack >= 6.0.0 that could allow attackers to redirect users to a malicious website.