Total: 1058 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description
---|---|---|---|---|---|---
CVE-2022-27509 | 1 Citrix | 3 Application Delivery Controller, Application Delivery Controller Firmware, Gateway | 2022-08-05 | N/A | 6.1 MEDIUM | Unauthenticated redirection to a malicious website.
CVE-2022-30706 | 1 Twinkletoessoftware | 1 Booked | 2022-08-01 | N/A | 6.1 MEDIUM | Open redirect vulnerability in Booked versions prior to 3.3 allows a remote unauthenticated attacker to redirect a user to an arbitrary web site and conduct a phishing attack by having the user access a specially crafted URL.
CVE-2022-23184 | 1 Octopus | 2 Octopus Deploy, Octopus Server | 2022-07-27 | 5.8 MEDIUM | 6.1 MEDIUM | In affected Octopus Server versions, when the server HTTP and HTTPS bindings are configured to localhost, Octopus Server will allow open redirects.
CVE-2021-24838 | 1 Bologer | 1 Anycomment | 2022-07-21 | 5.8 MEDIUM | 6.1 MEDIUM | The AnyComment WordPress plugin before 0.3.5 has an API endpoint which passes user input via the redirect parameter to the wp_redirect() function without validating it first, leading to an Open Redirect issue, which according to the vendor is a feature.
CVE-2022-33712 | 2 Google, Samsung | 2 Android, Camera | 2022-07-20 | 5.0 MEDIUM | 5.3 MEDIUM | Intent redirection vulnerability using an implicit intent in Camera prior to versions 12.0.01.64, 12.0.3.23, 12.0.0.98, 12.0.6.11, 12.0.3.19 in Android S(12) allows an attacker to get sensitive information.
CVE-2022-25803 | 1 Bestpractical | 1 Request Tracker | 2022-07-20 | N/A | 6.1 MEDIUM | Best Practical Request Tracker (RT) before 5.0.3 has an Open Redirect via a ticket search.
CVE-2022-2250 | 1 Gitlab | 1 Gitlab | 2022-07-13 | 5.8 MEDIUM | 6.1 MEDIUM | An open redirect vulnerability in GitLab EE/CE affecting all versions from 11.1 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1, allows an attacker to redirect users to an arbitrary location if they trust the URL.
CVE-2022-30562 | 1 Dahuasecurity | 80 Asi7213x, Asi7213x-t1, Asi7213x-t1 Firmware and 77 more | 2022-07-13 | 4.0 MEDIUM | 4.7 MEDIUM | If the user enables the https function on the device, an attacker can modify the user's request data packet through a man-in-the-middle attack. Injection of a malicious URL in the Host: header of the HTTP request results in a 302 redirect to an attacker-controlled page.
CVE-2021-46366 | 1 Magnolia-cms | 1 Magnolia Cms | 2022-07-12 | 6.8 MEDIUM | 8.8 HIGH | An issue in the Login page of Magnolia CMS v6.2.3 and below allows attackers to exploit both an Open Redirect vulnerability and Cross-Site Request Forgery (CSRF) in order to brute force and exfiltrate users' credentials.
CVE-2020-26877 | 1 Apifest | 1 Oauth 2.0 Server | 2022-07-08 | 5.8 MEDIUM | 6.1 MEDIUM | ApiFest OAuth 2.0 Server 0.3.1 does not validate the redirect URI in accordance with RFC 6749 and is susceptible to an open redirector attack. Specifically, it directly sends an authorization code to the redirect URI submitted with the authorization request, without checking whether the redirect URI is registered by the client who initiated the request. This allows an attacker to craft a request with a manipulated redirect URI (redirect_uri parameter), which is under the attacker's control, and consequently obtain the leaked authorization code when the server redirects the client to the manipulated redirect URI with an authorization code. NOTE: this is similar to CVE-2019-3778.
CVE-2022-29272 | 1 Nagios | 1 Nagios Xi | 2022-07-08 | 5.8 MEDIUM | 6.1 MEDIUM | In Nagios XI through 5.8.5, an open redirect vulnerability exists in the login function that could lead to spoofing.
CVE-2022-2252 | 1 Microweber | 1 Microweber | 2022-07-07 | 5.8 MEDIUM | 6.1 MEDIUM | Open Redirect in GitHub repository microweber/microweber prior to 1.2.19.
CVE-2022-33146 | 1 Web2py | 1 Web2py | 2022-07-07 | 5.8 MEDIUM | 6.1 MEDIUM | Open redirect vulnerability in web2py versions prior to 2.22.5 allows a remote attacker to redirect a user to an arbitrary web site and conduct a phishing attack by having the user access a specially crafted URL.
CVE-2022-32444 | 1 Yuba | 1 U5cms | 2022-06-28 | 5.8 MEDIUM | 6.1 MEDIUM | An issue was discovered in u5cms version 8.3.5. There is a URL redirection vulnerability that can cause a user's browser to be redirected to another site via /loginsave.php.
CVE-2022-31040 | 1 Maykinmedia | 1 Open Forms | 2022-06-21 | 5.8 MEDIUM | 6.1 MEDIUM | Open Forms is an application for creating and publishing smart forms. Prior to versions 1.0.9 and 1.1.1, the cookie consent page in Open Forms contains an open redirect: a `referer` querystring parameter can be injected and its value is not validated. A malicious actor is able to redirect users to a website under their control, opening them up to phishing attacks. The redirect is initiated by the Open Forms backend, which is a legitimate page, making it less obvious to end users that they are being redirected to a malicious website. Versions 1.0.9 and 1.1.1 contain patches for this issue. There are no known workarounds available.
CVE-2022-24969 | 1 Apache | 1 Dubbo | 2022-06-15 | 5.8 MEDIUM | 6.1 MEDIUM | Bypass of CVE-2021-25640: in Apache Dubbo prior to 2.6.12 and 2.7.15, the usage of the parseURL method leads to a bypass of the allowed-host check, which can cause an open redirect or SSRF vulnerability.
CVE-2022-23237 | 1 Netapp | 1 E-series Santricity Os Controller | 2022-06-11 | 5.8 MEDIUM | 6.1 MEDIUM | E-Series SANtricity OS Controller Software 11.x versions through 11.70.2 are vulnerable to host header injection attacks that could allow an attacker to redirect users to malicious websites.
CVE-2022-29214 | 1 Nextauth.js | 1 Next-auth | 2022-06-07 | 5.8 MEDIUM | 6.1 MEDIUM | NextAuth.js (next-auth) is an open source authentication solution for Next.js applications. Prior to versions 3.29.3 and 4.3.3, an open redirect vulnerability is present when the developer is implementing an OAuth 1 provider. Versions 3.29.3 and 4.3.3 contain a patch for this issue. The maintainers recommend adding a certain configuration to one's `callbacks` option as a workaround for those unable to upgrade.
CVE-2020-26161 | 1 Octopus | 1 Octopus Deploy | 2022-06-03 | 5.8 MEDIUM | 6.1 MEDIUM | In Octopus Deploy through 2020.4.2, an attacker could redirect users to an external site via a modified HTTP Host header.
CVE-2022-30992 | 3 Acronis, Linux, Microsoft | 3 Cyber Protect, Linux Kernel, Windows | 2022-06-01 | 5.8 MEDIUM | 6.1 MEDIUM | Open redirect via a user-controlled query parameter. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 29240.