Total
1058 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-42353 | 1 Pylonsproject | 1 Webob | 2024-08-19 | N/A | 6.1 MEDIUM |
| WebOb provides objects for HTTP requests and responses. When WebOb normalizes the HTTP Location header to include the request hostname, it does so by parsing the URL that the user is to be redirected to with Python's urlparse, and joining it to the base URL. `urlparse` however treats a `//` at the start of a string as a URI without a scheme, and then treats the next part as the hostname. `urljoin` will then use that hostname from the second part as the hostname replacing the original one from the request. This vulnerability is patched in WebOb version 1.8.8. | |||||
| CVE-2024-43236 | 2024-08-19 | N/A | N/A | ||
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Scott Paterson Easy PayPal Buy Now Button.This issue affects Easy PayPal Buy Now Button: from n/a through 1.9. | |||||
| CVE-2024-41955 | 1 Opensecurity | 1 Mobile Security Framework | 2024-08-15 | N/A | 5.4 MEDIUM |
| Mobile Security Framework (MobSF) is a security research platform for mobile applications in Android, iOS and Windows Mobile. An open redirect vulnerability exist in MobSF authentication view. Update to MobSF v4.0.5. | |||||
| CVE-2005-10001 | 1 Broadcom | 1 Symantec Siteminder | 2024-08-08 | 5.8 MEDIUM | 6.1 MEDIUM |
| A vulnerability was found in Netegrity SiteMinder up to 4.5.1 and classified as critical. Affected by this issue is the file /siteminderagent/pwcgi/smpwservicescgi.exe of the component Login. The manipulation of the argument target leads to an open redirect. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer | |||||
| CVE-2024-23442 | 1 Elastic | 1 Kibana | 2024-08-07 | N/A | 6.1 MEDIUM |
| An open redirect issue was discovered in Kibana that could lead to a user being redirected to an arbitrary website if they use a maliciously crafted Kibana URL. | |||||
| CVE-2015-10052 | 1 Gibb-modul-151 Project | 1 Gibb-modul-151 | 2024-08-06 | N/A | 6.1 MEDIUM |
| ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as problematic, was found in calesanz gibb-modul-151. This affects the function bearbeiten/login. The manipulation leads to open redirect. It is possible to initiate the attack remotely. The patch is named 88a517dc19443081210c804b655e72770727540d. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-218379. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2021-28861 | 2 Fedoraproject, Python | 2 Fedora, Python | 2024-08-03 | N/A | 7.4 HIGH |
| Python 3.x through 3.10 has an open redirection vulnerability in lib/http/server.py due to no protection against multiple (/) at the beginning of URI path which may leads to information disclosure. NOTE: this is disputed by a third party because the http.server.html documentation page states "Warning: http.server is not recommended for production. It only implements basic security checks." | |||||
| CVE-2024-37830 | 1 Getoutline | 1 Outline | 2024-08-02 | N/A | 6.1 MEDIUM |
| An issue in Outline <= v0.76.1 allows attackers to redirect a victim user to a malicious site via intercepting and changing the state cookie. | |||||
| CVE-2024-3597 | 1 Myrecorp | 1 Export Wp Page To Static Html\/css | 2024-07-15 | N/A | 6.1 MEDIUM |
| The Export WP Page to Static HTML/CSS plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 2.2.2. This is due to insufficient validation on the redirect url supplied via the rc_exported_zip_file parameter. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action. | |||||
| CVE-2023-3568 | 1 Fossbilling | 1 Fossbilling | 2024-07-12 | N/A | 4.8 MEDIUM |
| Open Redirect in GitHub repository alextselegidis/easyappointments prior to 1.5.0. | |||||
| CVE-2024-37234 | 2024-07-08 | N/A | N/A | ||
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Kodezen Limited Academy LMS.This issue affects Academy LMS: from n/a through 2.0.4. | |||||
| CVE-2024-4704 | 1 Rocklobster | 1 Contact Form 7 | 2024-07-03 | N/A | 6.1 MEDIUM |
| The Contact Form 7 WordPress plugin before 5.9.5 has an open redirect that allows an attacker to utilize a false URL and redirect to the URL of their choosing. | |||||
| CVE-2024-4604 | 2024-06-27 | N/A | 6.1 MEDIUM | ||
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Magarsus Consultancy SSO (Single Sign On) allows Manipulating Hidden Fields.This issue affects SSO (Single Sign On): from 1.0 before 1.1. | |||||
| CVE-2024-0781 | 1 Martmbithi | 1 Internet Banking System | 2024-05-17 | N/A | 6.1 MEDIUM |
| A vulnerability, which was classified as problematic, was found in CodeAstro Internet Banking System 1.0. This affects an unknown part of the file pages_client_signup.php. The manipulation of the argument Client Full Name with the input <meta http-equiv="refresh" content="0; url=https://vuldb.com" /> leads to open redirect. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-251697 was assigned to this vulnerability. | |||||
| CVE-2023-4965 | 1 Phpipam | 1 Phpipam | 2024-05-17 | N/A | 4.8 MEDIUM |
| A vulnerability was found in phpipam 1.5.1. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Header Handler. The manipulation of the argument X-Forwarded-Host leads to open redirect. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-239732. | |||||
| CVE-2023-3684 | 1 Livelyworks | 1 Articart | 2024-05-17 | N/A | 6.1 MEDIUM |
| A vulnerability was found in LivelyWorks Articart 2.0.1 and classified as problematic. Affected by this issue is some unknown functionality of the file /change-language/de_DE of the component Base64 Encoding Handler. The manipulation of the argument redirectTo leads to open redirect. The attack may be launched remotely. VDB-234230 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2022-4589 | 1 Django Terms And Conditions Project | 1 Django Terms And Conditions | 2024-05-17 | N/A | 6.1 MEDIUM |
| A vulnerability has been found in cyface Terms and Conditions Module up to 2.0.9 and classified as problematic. Affected by this vulnerability is the function returnTo of the file termsandconditions/views.py. The manipulation leads to open redirect. The attack can be launched remotely. Upgrading to version 2.0.10 is able to address this issue. The name of the patch is 03396a1c2e0af95e12a45c5faef7e47a4b513e1a. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-216175. | |||||
| CVE-2020-36665 | 1 Seotool Project | 1 Seotool | 2024-05-17 | N/A | 6.1 MEDIUM |
| A vulnerability was found in Artesãos SEOTools up to 0.17.1 and classified as critical. This issue affects the function eachValue of the file TwitterCards.php. The manipulation of the argument value leads to open redirect. Upgrading to version 0.17.2 is able to address this issue. The identifier of the patch is ca27cd0edf917e0bc805227013859b8b5a1f01fb. It is recommended to upgrade the affected component. The identifier VDB-222233 was assigned to this vulnerability. | |||||
| CVE-2020-36664 | 1 Seotool Project | 1 Seotool | 2024-05-17 | N/A | 6.1 MEDIUM |
| A vulnerability has been found in Artesãos SEOTools up to 0.17.1 and classified as problematic. This vulnerability affects the function setTitle of the file SEOMeta.php. The manipulation of the argument title leads to open redirect. Upgrading to version 0.17.2 is able to address this issue. The name of the patch is ca27cd0edf917e0bc805227013859b8b5a1f01fb. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-222232. | |||||
| CVE-2020-36627 | 1 Go-macaron | 1 I18n | 2024-05-17 | N/A | 6.1 MEDIUM |
| A vulnerability was found in Macaron i18n. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file i18n.go. The manipulation leads to open redirect. The attack can be launched remotely. Upgrading to version 0.5.0 is able to address this issue. The name of the patch is 329b0c4844cc16a5a253c011b55180598e707735. It is recommended to upgrade the affected component. The identifier VDB-216745 was assigned to this vulnerability. | |||||