Total
977 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2016-4075 | 1 Opera | 2 Opera Browser, Opera Mini | 2024-02-04 | 5.8 MEDIUM | 6.1 MEDIUM |
Opera Mini 13 and Opera Stable 36 allow remote attackers to spoof the displayed URL via a crafted HTML document, related to the about:blank URL. | |||||
CVE-2017-1159 | 1 Ibm | 1 Business Process Manager | 2024-02-04 | 4.9 MEDIUM | 5.4 MEDIUM |
IBM Business Process Manager 8.0 and 8.5 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 122891. | |||||
CVE-2017-3799 | 1 Cisco | 1 Webex Meeting Center | 2024-02-04 | 5.8 MEDIUM | 5.4 MEDIUM |
A vulnerability in a URL parameter of Cisco WebEx Meeting Center could allow an unauthenticated, remote attacker to perform site redirection. More Information: CSCzu78401. Known Affected Releases: T28.1. | |||||
CVE-2017-9062 | 2 Debian, Wordpress | 2 Debian Linux, Wordpress | 2024-02-04 | 5.0 MEDIUM | 8.6 HIGH |
In WordPress before 4.7.5, there is improper handling of post meta data values in the XML-RPC API. | |||||
CVE-2017-1156 | 1 Ibm | 1 Websphere Portal | 2024-02-04 | 6.8 MEDIUM | 8.8 HIGH |
IBM WebSphere Portal 8.5 and 9.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force. ID: 122592 | |||||
CVE-2016-10315 | 1 Jensenofscandinavia | 6 Al3g, Al3g Firmware, Al5000ac and 3 more | 2024-02-04 | 5.8 MEDIUM | 6.1 MEDIUM |
Jensen of Scandinavia AS Air:Link 3G (AL3G) version 2.23m (Rev. 3), Air:Link 5000AC (AL5000AC) version 1.13, and Air:Link 59300 (AL59300) version 1.04 (Rev. 4) devices allow remote attackers to conduct Open Redirect attacks via the submit-url parameter to certain /goform/* pages. | |||||
CVE-2017-5571 | 1 Flexerasoftware | 1 Flexnet Publisher | 2024-02-04 | 5.8 MEDIUM | 6.1 MEDIUM |
Open redirect vulnerability in the lmadmin component in Flexera FlexNet Publisher (aka Flex License Manager) 11.14.1 and earlier, as used in Citrix License Server for Windows and the Citrix License Server VPX, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | |||||
CVE-2016-4604 | 1 Apple | 2 Iphone Os, Safari | 2024-02-04 | 5.8 MEDIUM | 5.4 MEDIUM |
Safari in Apple iOS before 9.3.3 allows remote attackers to spoof the displayed URL via an HTTP response specifying redirection to an invalid TCP port number. | |||||
CVE-2016-0928 | 1 Pivotal | 1 Cloud Foundry Elastic Runtime | 2024-02-04 | 5.8 MEDIUM | 7.4 HIGH |
Multiple open redirect vulnerabilities in Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.6.30 and 1.7.x before 1.7.8 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | |||||
CVE-2016-5977 | 1 Ibm | 1 Tealeaf Customer Experience | 2024-02-04 | 4.9 MEDIUM | 6.8 MEDIUM |
Open redirect vulnerability in the web portal in IBM Tealeaf Customer Experience before 8.7.1.8847 FP10, 8.8 before 8.8.0.9049 FP9, 9.0.0 and 9.0.1 before 9.0.1.1117 FP5, 9.0.1A before 9.0.1.5108_9.0.1A FP5, 9.0.2 before 9.0.2.1223 FP3, and 9.0.2A before 9.0.2.5224_9.0.2A FP3 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | |||||
CVE-2016-6636 | 2 Cloudfoundry, Pivotal Software | 5 Cloud Foundry Uaa Bosh, Cloud Foundry, Cloud Foundry Elastic Runtime and 2 more | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
The OAuth authorization implementation in Pivotal Cloud Foundry (PCF) before 242; UAA 2.x before 2.7.4.7, 3.x before 3.3.0.5, and 3.4.x before 3.4.4; UAA BOSH before 11.5 and 12.x before 12.5; Elastic Runtime before 1.6.40, 1.7.x before 1.7.21, and 1.8.x before 1.8.1; and Ops Manager 1.7.x before 1.7.13 and 1.8.x before 1.8.1 mishandles redirect_uri subdomains, which allows remote attackers to obtain implicit access tokens via a modified subdomain. | |||||
CVE-2016-3040 | 1 Ibm | 1 Security Privileged Identity Manager Virtual Appliance | 2024-02-04 | 4.9 MEDIUM | 6.8 MEDIUM |
IBM WebSphere Application Server (WAS) Liberty, as used in IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x before 2.0.2 FP8, allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | |||||
CVE-2016-5878 | 1 Ibm | 1 Filenet Workplace | 2024-02-04 | 4.9 MEDIUM | 6.8 MEDIUM |
Open redirect vulnerability in IBM FileNet Workplace 4.0.2 before 4.0.2.14 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | |||||
CVE-2016-0204 | 1 Ibm | 1 Cloud Orchestrator | 2024-02-04 | 5.8 MEDIUM | 6.8 MEDIUM |
Open redirect vulnerability in IBM Cloud Orchestrator 2.4.x before 2.4.0 FP3 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | |||||
CVE-2016-1000001 | 1 Flask-oidc Project | 1 Flask-oidc | 2024-02-04 | 5.8 MEDIUM | 7.4 HIGH |
flask-oidc version 0.1.2 and earlier is vulnerable to an open redirect | |||||
CVE-2023-45105 | 1 Servit | 1 Affiliate-toolkit - Wordpress Affiliate | 2024-02-03 | N/A | 6.1 MEDIUM |
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in SERVIT Software Solutions affiliate-toolkit – WordPress Affiliate Plugin.This issue affects affiliate-toolkit – WordPress Affiliate Plugin: from n/a through 3.3.9. | |||||
CVE-2021-22942 | 1 Rubyonrails | 1 Rails | 2024-02-02 | 5.8 MEDIUM | 6.1 MEDIUM |
A possible open redirect vulnerability in the Host Authorization middleware in Action Pack >= 6.0.0 that could allow attackers to redirect users to a malicious website. |