Total
1058 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-1058 | 1 Gitea | 1 Gitea | 2022-03-29 | 5.8 MEDIUM | 6.1 MEDIUM |
| Open Redirect on login in GitHub repository go-gitea/gitea prior to 1.16.5. | |||||
| CVE-2022-27090 | 1 Chshcms | 1 Cscms | 2022-03-29 | 4.9 MEDIUM | 5.4 MEDIUM |
| Cscms Music Portal System v4.2 was discovered to contain a redirection vulnerability via the backurl parameter. | |||||
| CVE-2019-20901 | 1 Atlassian | 2 Jira, Jira Server | 2022-03-25 | 5.8 MEDIUM | 6.1 MEDIUM |
| The login.jsp resource in Jira before version 8.5.2, and from version 8.6.0 before version 8.6.1 allows remote attackers to redirect users to a different website which they may use as part of performing a phishing attack via an open redirect in the os_destination parameter. | |||||
| CVE-2018-13401 | 1 Atlassian | 2 Jira, Jira Server | 2022-03-25 | 5.8 MEDIUM | 6.1 MEDIUM |
| The XsrfErrorAction resource in Atlassian Jira before version 7.6.9, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3, from version 7.10.0 before version 7.10.3, from version 7.11.0 before version 7.11.3, from version 7.12.0 before version 7.12.3, and before version 7.13.1 allows remote attackers to obtain a user's Cross-site request forgery (CSRF) token through an open redirect vulnerability. | |||||
| CVE-2018-13402 | 1 Atlassian | 2 Jira, Jira Server | 2022-03-25 | 5.8 MEDIUM | 6.1 MEDIUM |
| Many resources in Atlassian Jira before version 7.6.9, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3, from version 7.10.0 before version 7.10.3, from version 7.11.0 before version 7.11.3, from version 7.12.0 before version 7.12.3, and before version 7.13.1 allow remote attackers to attack users, in some cases be able to obtain a user's Cross-site request forgery (CSRF) token, via a open redirect vulnerability. | |||||
| CVE-2019-11589 | 1 Atlassian | 1 Jira Server | 2022-03-25 | 5.8 MEDIUM | 6.1 MEDIUM |
| The ChangeSharedFilterOwner resource in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 before version 8.3.2 allows remote attackers to attack users, in some cases be able to obtain a user's Cross-site request forgery (CSRF) token, via a open redirect vulnerability. | |||||
| CVE-2019-11585 | 1 Atlassian | 2 Jira, Jira Server | 2022-03-25 | 5.8 MEDIUM | 6.1 MEDIUM |
| The startup.jsp resource in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 before version 8.3.2 allows remote attackers to redirect users to a different website which they may use as part of performing a phishing attack via an open redirect. | |||||
| CVE-2021-41180 | 1 Nextcloud | 1 Talk | 2022-03-15 | 4.0 MEDIUM | 6.1 MEDIUM |
| Nextcloud talk is a self hosting messaging service. In versions prior 12.1.2 an attacker is able to control the link of a geolocation preview in the Nextcloud Talk application due to a lack of validation on the link. This could result in an open-redirect, but required user interaction. This only affected users of the Android Talk client. It is recommended that the Nextcloud Talk App is upgraded to 12.1.2. There are no known workarounds. | |||||
| CVE-2022-24739 | 1 Alltube Project | 1 Alltube | 2022-03-14 | 4.0 MEDIUM | 6.1 MEDIUM |
| alltube is an html front end for youtube-dl. On releases prior to 3.0.3, an attacker could craft a special HTML page to trigger either an open redirect attack or a Server-Side Request Forgery attack (depending on how AllTube is configured). The impact is mitigated by the fact the SSRF attack is only possible when the `stream` option is enabled in the configuration. (This option is disabled by default.) 3.0.3 contains a fix for this vulnerability. | |||||
| CVE-2022-0868 | 1 Uri.js Project | 1 Uri.js | 2022-03-11 | 5.8 MEDIUM | 6.1 MEDIUM |
| Open Redirect in GitHub repository medialize/uri.js prior to 1.19.10. | |||||
| CVE-2022-0697 | 1 Archivy Project | 1 Archivy | 2022-03-11 | 5.8 MEDIUM | 6.1 MEDIUM |
| Open Redirect in GitHub repository archivy/archivy prior to 1.7.0. | |||||
| CVE-2022-0869 | 1 Spirit-project | 1 Spirit | 2022-03-11 | 5.8 MEDIUM | 6.1 MEDIUM |
| Multiple Open Redirect in GitHub repository nitely/spirit prior to 0.12.3. | |||||
| CVE-2022-26158 | 1 Cherwell | 1 Cherwell Service Management | 2022-03-08 | 5.8 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in the web application in Cherwell Service Management (CSM) 10.2.3. It accepts and reflects arbitrary domains supplied via a client-controlled Host header. Injection of a malicious URL in the Host: header of the HTTP Request results in a 302 redirect to an attacker-controlled page. | |||||
| CVE-2022-26156 | 1 Cherwell | 1 Cherwell Service Management | 2022-03-08 | 5.8 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in the web application in Cherwell Service Management (CSM) 10.2.3. Injection of a malicious payload within the RelayState= parameter of the HTTP request body results in the hijacking of the form action. Form-action hijacking vulnerabilities arise when an application places user-supplied input into the action URL of an HTML form. An attacker can use this vulnerability to construct a URL that, if visited by another application user, will modify the action URL of a form to point to the attacker's server. | |||||
| CVE-2021-23495 | 1 Karma Project | 1 Karma | 2022-03-08 | 5.8 MEDIUM | 6.1 MEDIUM |
| The package karma before 6.3.16 are vulnerable to Open Redirect due to missing validation of the return_url query parameter. | |||||
| CVE-2021-29217 | 1 Hpe | 1 Oneview Global Dashboard | 2022-03-04 | 5.8 MEDIUM | 6.1 MEDIUM |
| A remote URL redirection vulnerability was discovered in HPE OneView Global Dashboard version(s): Prior to 2.5. HPE has provided a software update to resolve this vulnerability in HPE OneView Global Dashboard. | |||||
| CVE-2022-24330 | 1 Jetbrains | 1 Teamcity | 2022-03-04 | 5.8 MEDIUM | 6.1 MEDIUM |
| In JetBrains TeamCity before 2021.2.1, a redirection to an external site was possible. | |||||
| CVE-2009-3832 | 2 Microsoft, Opera | 2 Windows, Opera Browser | 2022-03-01 | 5.8 MEDIUM | N/A |
| Opera before 10.01 on Windows does not prevent use of Web fonts in rendering the product's own user interface, which allows remote attackers to spoof the address field via a crafted web site. | |||||
| CVE-2022-0692 | 1 Alltube Project | 1 Alltube | 2022-02-28 | 5.8 MEDIUM | 6.1 MEDIUM |
| Open Redirect on Rudloff/alltube in Packagist rudloff/alltube prior to 3.0.1. | |||||
| CVE-2005-1475 | 1 Opera | 1 Opera Browser | 2022-02-28 | 7.5 HIGH | N/A |
| The XMLHttpRequest object in Opera 8.0 Final Build 1095 allows remote attackers to bypass access restrictions and perform unauthorized actions on other domains via a redirect. | |||||