Total
1058 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-3558 | 1 Cisco | 1 Secure Firewall Management Center | 2024-11-26 | 5.8 MEDIUM | 6.1 MEDIUM |
| A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. The vulnerability is due to improper input validation of the parameters of an HTTP request. An attacker could exploit this vulnerability by intercepting an HTTP request from a user. A successful exploit could allow the attacker to modify the HTTP request to cause the interface to redirect the user to a specific, malicious URL. This type of vulnerability is known as an open redirect attack and is used in phishing attacks that get users to unknowingly visit malicious sites. | |||||
| CVE-2020-3311 | 1 Cisco | 1 Secure Firewall Management Center | 2024-11-26 | 5.8 MEDIUM | 6.1 MEDIUM |
| A vulnerability in the web interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. The vulnerability is due to improper input validation of HTTP request parameters. An attacker could exploit this vulnerability by intercepting and modifying an HTTP request from a user. A successful exploit could allow the attacker to redirect the user to a specific malicious web page. | |||||
| CVE-2024-1240 | 1 Pyload | 1 Pyload | 2024-11-19 | N/A | 6.1 MEDIUM |
| An open redirection vulnerability exists in pyload/pyload version 0.5.0. The vulnerability is due to improper handling of the 'next' parameter in the login functionality. An attacker can exploit this vulnerability to redirect users to malicious sites, which can be used for phishing or other malicious activities. The issue is fixed in pyload-ng 0.5.0b3.dev79. | |||||
| CVE-2024-47530 | 1 Clinical-genomics | 1 Scout | 2024-11-15 | N/A | 6.1 MEDIUM |
| Scout is a web-based visualizer for VCF-files. Open redirect vulnerability allows performing phishing attacks on users by redirecting them to malicious page. /login API endpoint is vulnerable to open redirect attack via next parameter due to absence of sanitization logic. Additionally, due to lack of scheme validation, HTTPS Downgrade Attack can be performed on the users. This vulnerability is fixed in 4.89. | |||||
| CVE-2024-11207 | 2024-11-15 | N/A | N/A | ||
| A vulnerability has been found in Apereo CAS 6.6 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /login. The manipulation of the argument redirect_uri leads to open redirect. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-47648 | 1 Theeventprime | 1 Eventprime | 2024-11-14 | N/A | 6.1 MEDIUM |
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in EventPrime Events EventPrime.This issue affects EventPrime: from n/a through 4.0.4.5. | |||||
| CVE-2024-50345 | 2024-11-08 | N/A | N/A | ||
| symfony/http-foundation is a module for the Symphony PHP framework which defines an object-oriented layer for the HTTP specification. The `Request` class, does not parse URI with special characters the same way browsers do. As a result, an attacker can trick a validator relying on the `Request` class to redirect users to another domain. The `Request::create` methods now assert the URI does not contain invalid characters as defined by https://url.spec.whatwg.org/. This issue has been patched in versions 5.4.46, 6.4.14, and 7.1.7. Users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
| CVE-2024-25566 | 1 Forgerock | 1 Access Management | 2024-11-08 | N/A | 6.1 MEDIUM |
| An Open-Redirect vulnerability exists in PingAM where well-crafted requests may cause improper validation of redirect URLs. This could allow an attacker to redirect end-users to malicious sites under their control, simplifying phishing attacks | |||||
| CVE-2024-43683 | 1 Microchip | 2 Timeprovider 4100, Timeprovider 4100 Firmware | 2024-11-01 | N/A | 6.1 MEDIUM |
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Microchip TimeProvider 4100 allows XSS Through HTTP Headers.This issue affects TimeProvider 4100: from 1.0. | |||||
| CVE-2024-8386 | 1 Mozilla | 2 Firefox, Firefox Esr | 2024-10-30 | N/A | 6.1 MEDIUM |
| If a site had been granted the permission to open popup windows, it could cause Select elements to appear on top of another site to perform a spoofing attack. This vulnerability affects Firefox < 130, Firefox ESR < 128.2, and Thunderbird < 128.2. | |||||
| CVE-2024-7941 | 1 Hitachienergy | 1 Microscada X Sys600 | 2024-10-30 | N/A | 4.3 MEDIUM |
| An HTTP parameter may contain a URL value and could cause the web application to redirect the request to the specified URL. By modifying the URL value to a malicious site, an attacker may successfully launch a phishing scam and steal user credentials. | |||||
| CVE-2022-45169 | 1 Liveboxcloud | 1 Vdesk | 2024-10-30 | N/A | 5.4 MEDIUM |
| An issue was discovered in LIVEBOX Collaboration vDesk through v031. A URL Redirection to an Untrusted Site (Open Redirect) can occur under the /api/v1/notification/createnotification endpoint, allowing an authenticated user to send an arbitrary push notification to any other user of the system. This push notification can include an (invisible) clickable link. | |||||
| CVE-2024-50463 | 1 Sunshinephotocart | 1 Sunshine Photo Cart | 2024-10-29 | N/A | 6.1 MEDIUM |
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in WP Sunshine Sunshine Photo Cart.This issue affects Sunshine Photo Cart: from n/a through 3.2.9. | |||||
| CVE-2024-0953 | 1 Mozilla | 1 Firefox | 2024-10-27 | N/A | 6.1 MEDIUM |
| When a user scans a QR Code with the QR Code Scanner feature, the user is not prompted before being navigated to the page specified in the code. This may surprise the user and potentially direct them to unwanted content. This vulnerability affects Firefox for iOS < 129. | |||||
| CVE-2023-28799 | 1 Zscaler | 1 Client Connector | 2024-10-17 | N/A | 6.1 MEDIUM |
| A URL parameter during login flow was vulnerable to injection. An attacker could insert a malicious domain in this parameter, which would redirect the user after auth and send the authorization token to the redirected domain. | |||||
| CVE-2024-47354 | 2024-10-15 | N/A | N/A | ||
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in smp7, wp.Insider Simple Membership After Login Redirection.This issue affects Simple Membership After Login Redirection: from n/a through 1.6. | |||||
| CVE-2024-47353 | 2024-10-15 | N/A | N/A | ||
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in QuomodoSoft ElementsReady Addons for Elementor.This issue affects ElementsReady Addons for Elementor: from n/a through 6.4.2. | |||||
| CVE-2024-45247 | 2024-10-07 | N/A | N/A | ||
| Sonarr – CWE-601: URL Redirection to Untrusted Site ('Open Redirect') | |||||
| CVE-2024-47646 | 2024-10-07 | N/A | N/A | ||
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Payflex Payflex Payment Gateway.This issue affects Payflex Payment Gateway: from n/a through 2.6.1. | |||||
| CVE-2024-9329 | 1 Eclipse | 1 Glassfish | 2024-10-07 | N/A | 6.1 MEDIUM |
| In Eclipse Glassfish versions before 7.0.17, The Host HTTP parameter could cause the web application to redirect to the specified URL, when the requested endpoint is '/management/domain'. By modifying the URL value to a malicious site, an attacker may successfully launch a phishing scam and steal user credentials. | |||||