Total
1058 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2004-2260 | 1 Opera | 1 Opera Browser | 2022-02-28 | 5.0 MEDIUM | N/A |
| Opera Browser 7.23, and other versions before 7.50, updates the address bar as soon as the user clicks a link, which allows remote attackers to redirect to other sites via the onUnload attribute. | |||||
| CVE-2022-0597 | 1 Microweber | 1 Microweber | 2022-02-23 | 5.8 MEDIUM | 6.1 MEDIUM |
| Open Redirect in Packagist microweber/microweber prior to 1.2.11. | |||||
| CVE-2021-25033 | 1 Noptin | 1 Noptin | 2022-02-23 | 5.8 MEDIUM | 6.1 MEDIUM |
| The WordPress Newsletter Plugin WordPress plugin before 1.6.5 does not validate the to parameter before redirecting the user to its given value, leading to an open redirect issue | |||||
| CVE-2022-23102 | 1 Siemens | 1 Sinema Remote Connect Server | 2022-02-18 | 5.8 MEDIUM | 6.1 MEDIUM |
| A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2.0). Affected products contain an open redirect vulnerability. An attacker could trick a valid authenticated user to the device into clicking a malicious link there by leading to phishing attacks. | |||||
| CVE-2022-0560 | 1 Microweber | 1 Microweber | 2022-02-17 | 5.8 MEDIUM | 6.1 MEDIUM |
| Open Redirect in Packagist microweber/microweber prior to 1.2.11. | |||||
| CVE-2022-23618 | 1 Xwiki | 1 Xwiki | 2022-02-15 | 5.8 MEDIUM | 6.1 MEDIUM |
| XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions there is no protection against URL redirection to untrusted sites, in particular some well known parameters (xredirect) can be used to perform url redirections. This problem has been patched in XWiki 12.10.7 and XWiki 13.3RC1. Users are advised to update. There are no known workarounds for this issue. | |||||
| CVE-2021-45328 | 1 Gitea | 1 Gitea | 2022-02-11 | 5.8 MEDIUM | 6.1 MEDIUM |
| Gitea before 1.4.3 is affected by URL Redirection to Untrusted Site ('Open Redirect') via internal URLs. | |||||
| CVE-2021-45408 | 1 Seeddms | 1 Seeddms | 2022-02-09 | 5.8 MEDIUM | 6.1 MEDIUM |
| Open Redirect vulnerability exists in SeedDMS 6.0.15 in out.Login.php, which llows remote malicious users to redirect users to malicious sites using the "referuri" parameter. | |||||
| CVE-2022-22919 | 1 Adenza | 1 Axiomsl Controllerview | 2022-02-04 | 5.8 MEDIUM | 6.1 MEDIUM |
| Adenza AxiomSL ControllerView through 10.8.1 allows redirection for SSO login URLs. | |||||
| CVE-2021-33707 | 1 Sap | 1 Netweaver Knowledge Management | 2022-01-28 | 5.8 MEDIUM | 6.1 MEDIUM |
| SAP NetWeaver Knowledge Management allows remote attackers to redirect users to arbitrary websites and conduct phishing attacks via a URL stored in a component. This could enable the attacker to compromise the user's confidentiality and integrity. | |||||
| CVE-2021-25074 | 1 Webp Converter For Media Project | 1 Webp Converter For Media | 2022-01-28 | 5.8 MEDIUM | 6.1 MEDIUM |
| The WebP Converter for Media WordPress plugin before 4.0.3 contains a file (passthru.php) which does not validate the src parameter before redirecting the user to it, leading to an Open Redirect issue | |||||
| CVE-2021-25028 | 1 Tri | 1 Event Tickets | 2022-01-28 | 5.8 MEDIUM | 6.1 MEDIUM |
| The Event Tickets WordPress plugin before 5.2.2 does not validate the tribe_tickets_redirect_to parameter before redirecting the user to the given value, leading to an arbitrary redirect issue | |||||
| CVE-2015-6501 | 1 Puppet | 1 Puppet Enterprise | 2022-01-24 | 5.8 MEDIUM | 6.1 MEDIUM |
| Open redirect vulnerability in the Console in Puppet Enterprise before 2015.2.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the string parameter. | |||||
| CVE-2016-5715 | 1 Puppet | 1 Puppet Enterprise | 2022-01-24 | 5.8 MEDIUM | 6.1 MEDIUM |
| Open redirect vulnerability in the Console in Puppet Enterprise 2015.x and 2016.x before 2016.4.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a // (slash slash) followed by a domain in the redirect parameter. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-6501. | |||||
| CVE-2021-38678 | 1 Qnap | 1 Qcalagent | 2022-01-19 | 5.8 MEDIUM | 6.1 MEDIUM |
| An open redirect vulnerability has been reported to affect QNAP device running QcalAgent. If exploited, this vulnerability allows attackers to redirect users to an untrusted page that contains malware. We have already fixed this vulnerability in the following versions of QcalAgent: QcalAgent 1.1.7 and later | |||||
| CVE-2022-0122 | 1 Digitalbazaar | 1 Forge | 2022-01-12 | 5.8 MEDIUM | 6.1 MEDIUM |
| forge is vulnerable to URL Redirection to Untrusted Site | |||||
| CVE-2022-21651 | 1 Shopware | 1 Shopware | 2022-01-12 | 5.8 MEDIUM | 6.1 MEDIUM |
| Shopware is an open source e-commerce software platform. An open redirect vulnerability has been discovered. Users may be arbitrary redirected due to incomplete URL handling in the shopware router. This issue has been resolved in version 5.7.7. There is no workaround and users are advised to upgrade as soon as possible. | |||||
| CVE-2021-20875 | 1 Groupsession | 1 Groupsession | 2022-01-10 | 5.8 MEDIUM | 6.1 MEDIUM |
| Open redirect vulnerability in GroupSession Free edition ver5.1.1 and earlier, GroupSession byCloud ver5.1.1 and earlier, and GroupSession ZION ver5.1.1 and earlier allows a remote unauthenticated attacker to redirect users to arbitrary web sites and conduct phishing attacks by having a user to access a specially crafted URL. | |||||
| CVE-2019-4035 | 1 Ibm | 1 Content Navigator | 2022-01-01 | 4.9 MEDIUM | 5.4 MEDIUM |
| IBM Content Navigator 3.0CD could allow attackers to direct web traffic to a malicious site. If attackers make a fake IBM Content Navigator site, they can send a link to ICN users to send request to their Edit client directly. Then Edit client will download documents from the fake ICN website. IBM X-Force ID: 156001. | |||||
| CVE-2021-21337 | 1 Zope | 1 Products.pluggableauthservice | 2022-01-01 | 5.8 MEDIUM | 6.1 MEDIUM |
| Products.PluggableAuthService is a pluggable Zope authentication and authorization framework. In Products.PluggableAuthService before version 2.6.0 there is an open redirect vulnerability. A maliciously crafted link to the login form and login functionality could redirect the browser to a different website. The problem has been fixed in version 2.6.1. Depending on how you have installed Products.PluggableAuthService, you should change the buildout version pin to `2.6.1` and re-run the buildout, or if you used `pip` simply do `pip install "Products.PluggableAuthService>=2.6.1". | |||||