Total
1163 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-4857 | 1 Splunk | 1 Splunk | 2025-04-20 | 5.8 MEDIUM | 6.1 MEDIUM |
| Open redirect vulnerability in Splunk Enterprise 6.4.x prior to 6.4.2, Splunk Enterprise 6.3.x prior to 6.3.6, Splunk Enterprise 6.2.x prior to 6.2.11 and Splunk Light prior to 6.4.2 allows to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | |||||
| CVE-2017-3105 | 2 Adobe, Microsoft | 2 Robohelp, Windows | 2025-04-20 | 5.8 MEDIUM | 6.1 MEDIUM |
| Adobe RoboHelp has an Open Redirect vulnerability. This affects versions before RH12.0.4.460 and RH2017 before RH2017.0.2. | |||||
| CVE-2017-1558 | 1 Ibm | 2 Maximo Asset Management, Maximo Asset Management Essentials | 2025-04-20 | 5.8 MEDIUM | 6.1 MEDIUM |
| IBM Maximo Asset Management 7.5 and 7.6 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 131548. | |||||
| CVE-2017-8451 | 1 Elastic | 1 Kibana | 2025-04-20 | 5.8 MEDIUM | 6.1 MEDIUM |
| With X-Pack installed, Kibana versions before 5.3.1 have an open redirect vulnerability on the login page that would enable an attacker to craft a link that redirects to an arbitrary website. | |||||
| CVE-2017-1450 | 1 Ibm | 1 Emptoris Sourcing | 2025-04-20 | 5.8 MEDIUM | 6.1 MEDIUM |
| IBM Emptoris Sourcing 9.5 - 10.1.3 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 128177. | |||||
| CVE-2016-4334 | 1 Jivesoftware | 1 Jive | 2025-04-20 | 5.8 MEDIUM | 6.1 MEDIUM |
| Jive before 2016.3.1 has an open redirect from the external-link.jspa page. | |||||
| CVE-2017-1002150 | 1 Fedoraproject | 1 Python-fedora | 2025-04-20 | 5.8 MEDIUM | 6.1 MEDIUM |
| python-fedora 0.8.0 and lower is vulnerable to an open redirect resulting in loss of CSRF protection | |||||
| CVE-2017-6670 | 1 Cisco | 1 Unified Communications Domain Manager | 2025-04-20 | 5.8 MEDIUM | 6.1 MEDIUM |
| A vulnerability in the web-based GUI of Cisco Unified Communications Domain Manager could allow an unauthenticated, remote attacker to redirect a user to a malicious web page, aka an Open Redirect issue. More Information: CSCvc54813. Known Affected Releases: 8.1(7)ER1. | |||||
| CVE-2017-2497 | 1 Apple | 2 Iphone Os, Mac Os X | 2025-04-20 | 5.8 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. The issue involves the "iBooks" component. It allows remote attackers to trigger visits to arbitrary URLs via a crafted book. | |||||
| CVE-2017-3889 | 1 Cisco | 1 Registered Envelope Service | 2025-04-20 | 5.8 MEDIUM | 6.1 MEDIUM |
| A vulnerability in the web interface of the Cisco Registered Envelope Service could allow an unauthenticated, remote attacker to redirect a user to a undesired web page, aka an Open Redirect. This vulnerability affects the Cisco Registered Envelope cloud-based service. More Information: CSCvc60123. Known Affected Releases: 5.1.0-015. | |||||
| CVE-2017-11725 | 1 Thycotic | 1 Secret Server | 2025-04-20 | 5.8 MEDIUM | 5.4 MEDIUM |
| The share function in Thycotic Secret Server before 10.2.000019 mishandles the Back Button, leading to unintended redirections. | |||||
| CVE-2015-6501 | 1 Puppet | 1 Puppet Enterprise | 2025-04-20 | 5.8 MEDIUM | 6.1 MEDIUM |
| Open redirect vulnerability in the Console in Puppet Enterprise before 2015.2.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the string parameter. | |||||
| CVE-2017-7343 | 1 Fortinet | 1 Fortiportal | 2025-04-20 | 5.8 MEDIUM | 6.1 MEDIUM |
| An open redirect vulnerability in Fortinet FortiPortal 4.0.0 and below allows attacker to execute unauthorized code or commands via the url parameter. | |||||
| CVE-2017-1000070 | 1 Oauth2 Proxy Project | 1 Oauth2 Proxy | 2025-04-20 | 5.8 MEDIUM | 6.1 MEDIUM |
| The Bitly oauth2_proxy in version 2.1 and earlier was affected by an open redirect vulnerability during the start and termination of the 2-legged OAuth flow. This issue was caused by improper input validation and a violation of RFC-6819 | |||||
| CVE-2015-9058 | 1 Proxmox | 1 Proxmox Mail Gateway | 2025-04-20 | 5.8 MEDIUM | 6.1 MEDIUM |
| Open redirect vulnerability in Proxmox Mail Gateway prior to hotfix 4.0-8-097d26a9 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the destination parameter. | |||||
| CVE-2017-1449 | 1 Ibm | 1 Emptoris Sourcing | 2025-04-20 | 4.9 MEDIUM | 5.4 MEDIUM |
| IBM Emptoris Sourcing 9.5 - 10.1.3 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 128174. | |||||
| CVE-2016-6908 | 1 Opera | 1 Opera Browser | 2025-04-20 | 5.8 MEDIUM | 6.1 MEDIUM |
| Characters from languages are such as Arabic, Hebrew are displayed from RTL (Right To Left) order in Opera 37.0.2192.105088 for Android, due to mishandling of several unicode characters such as U+FE70, U+0622, U+0623 etc and how they are rendered combined with (first strong character) such as an IP address or alphabet could lead to a spoofed URL. It was noticed that by placing neutral characters such as "/", "?" in filepath causes the URL to be flipped and displayed from Right To Left. However, in order for the URL to be spoofed the URL must begin with an IP address followed by neutral characters as omnibox considers IP address to be combination of punctuation and numbers and since LTR (Left To Right) direction is not properly enforced, this causes the entire URL to be treated and rendered from RTL (Right To Left). However, it doesn't have be an IP address, what matters is that first strong character (generally, alphabetic character) in the URL must be an RTL character. | |||||
| CVE-2017-1489 | 1 Ibm | 6 Security Access Manager, Security Access Manager For Mobile, Security Access Manager For Web and 3 more | 2025-04-20 | 5.8 MEDIUM | 6.1 MEDIUM |
| IBM Security Access Manager 6.1, 7.0, 8.0, and 9.0 e-community configurations may be affected by a redirect vulnerability. ECSSO Master Authentication can redirect to a server not participating in an e-community domain. IBM X-Force ID: 128687. | |||||
| CVE-2016-6020 | 1 Ibm | 1 Sterling B2b Integrator | 2025-04-20 | 5.8 MEDIUM | 6.1 MEDIUM |
| IBM Sterling B2B Integrator Standard Edition could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. | |||||
| CVE-2017-12138 | 1 Xoops | 1 Xoops | 2025-04-20 | 5.8 MEDIUM | 6.1 MEDIUM |
| XOOPS Core 2.5.8 has a stored URL redirect bypass vulnerability in /modules/profile/index.php because of the URL filter. | |||||