Total: 1058 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-1323 | 1 Microsoft | 2 Sharepoint Enterprise Server, Sharepoint Server | 2020-06-16 | 5.8 MEDIUM | 6.1 MEDIUM |
An open redirect vulnerability exists in Microsoft SharePoint that could lead to spoofing. To exploit the vulnerability, an attacker could send a link that has a specially crafted URL and convince the user to click the link, aka 'SharePoint Open Redirect Vulnerability'. | |||||
CVE-2020-10959 | 1 Mediawiki | 1 Mediawiki | 2020-06-02 | 5.8 MEDIUM | 6.1 MEDIUM |
resources/src/mediawiki.page.ready/ready.js in MediaWiki before 1.35 allows remote attackers to force a logout and external redirection via HTML content in a MediaWiki page. | |||||
CVE-2020-1059 | 1 Microsoft | 3 Edge, Windows 10, Windows Server 2019 | 2020-05-28 | 4.3 MEDIUM | 4.3 MEDIUM |
A spoofing vulnerability exists when Microsoft Edge does not properly parse HTTP content, aka 'Microsoft Edge Spoofing Vulnerability'. | |||||
CVE-2020-13486 | 1 Verbb | 1 Knock Knock | 2020-05-26 | 5.8 MEDIUM | 6.1 MEDIUM |
The Knock Knock plugin before 1.2.8 for Craft CMS allows malicious redirection. | |||||
CVE-2020-1997 | 1 Paloaltonetworks | 1 Pan-os | 2020-05-18 | 5.8 MEDIUM | 6.1 MEDIUM |
An open redirection vulnerability in the GlobalProtect component of Palo Alto Networks PAN-OS allows an attacker to specify an arbitrary redirection target away from the trusted GlobalProtect gateway. If the user then successfully authenticates it will cause them to access an unexpected and potentially malicious website. This issue affects: PAN-OS 7.1 versions earlier than 7.1.26; PAN-OS 8.0 versions earlier than 8.0.14. | |||||
CVE-2020-13121 | 1 Rcos | 1 Submitty | 2020-05-18 | 5.8 MEDIUM | 6.1 MEDIUM |
Submitty through 20.04.01 has an open redirect via authentication/login?old= during an invalid login attempt. | |||||
CVE-2020-5409 | 1 Pivotal Software | 1 Concourse | 2020-05-15 | 5.8 MEDIUM | 6.1 MEDIUM |
Pivotal Concourse, most versions prior to 6.0.0, allows redirects to untrusted websites in its login flow. A remote unauthenticated attacker could convince a user to click on a link using the OAuth redirect link with an untrusted website and gain access to that user's access token in Concourse. (This issue is similar to, but distinct from, CVE-2018-15798.) | |||||
CVE-2020-12699 | 1 Dkd | 1 Direct Mail | 2020-05-14 | 5.8 MEDIUM | 6.1 MEDIUM |
The direct_mail extension through 5.2.3 for TYPO3 has an Open Redirect via jumpUrl. | |||||
CVE-2020-3178 | 1 Cisco | 1 Content Security Management Appliance | 2020-05-12 | 5.8 MEDIUM | 6.1 MEDIUM |
Multiple vulnerabilities in the web-based GUI of Cisco AsyncOS Software for Cisco Content Security Management Appliance (SMA) could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. The vulnerabilities are due to improper input validation of the parameters of an HTTP request. An attacker could exploit these vulnerabilities by intercepting an HTTP request and modifying it to redirect a user to a specific malicious URL. A successful exploit could allow the attacker to redirect a user to a malicious web page or to obtain sensitive browser-based information. This type of attack is commonly referred to as an open redirect attack and is used in phishing attacks to get users to unknowingly visit malicious sites. | |||||
CVE-2020-5337 | 1 Rsa | 1 Archer | 2020-05-07 | 5.8 MEDIUM | 6.1 MEDIUM |
RSA Archer, versions prior to 6.7 P1 (6.7.0.1), contain a URL redirection vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to redirect application users to arbitrary web URLs by tricking the victim users to click on maliciously crafted links. The vulnerability could be used to conduct phishing attacks that cause users to unknowingly visit malicious sites. | |||||
CVE-2019-4209 | 1 Hcltech | 1 Connections | 2020-05-05 | 5.8 MEDIUM | 6.1 MEDIUM |
HCL Connections v5.5, v6.0, and v6.5 contain an open redirect vulnerability which could be exploited by an attacker to conduct phishing attacks. | |||||
CVE-2020-5270 | 1 Prestashop | 1 Prestashop | 2020-04-23 | 5.8 MEDIUM | 6.1 MEDIUM |
In PrestaShop between versions 1.7.6.0 and 1.7.6.5, there is an open redirection when using the back parameter. The impacts can be many, and vary from the theft of information and credentials to the redirection to malicious websites containing attacker-controlled content, which in some cases even cause XSS attacks. So even though an open redirection might sound harmless at first, the impacts of it can be severe should it be exploitable. The problem is fixed in 1.7.6.5. | |||||
CVE-2020-5732 | 1 Openmrs | 1 Openmrs | 2020-04-23 | 5.8 MEDIUM | 6.1 MEDIUM |
In OpenMRS 2.9 and prior, the import functionality of the Data Exchange Module does not properly redirect to a login page when an unauthenticated user attempts to access it. This allows unauthenticated users to use a feature typically restricted to administrators. | |||||
CVE-2020-5733 | 1 Openmrs | 1 Openmrs | 2020-04-23 | 5.8 MEDIUM | 6.1 MEDIUM |
In OpenMRS 2.9 and prior, the export functionality of the Data Exchange Module does not properly redirect to a login page when an unauthenticated user attempts to access it. This allows the export of potentially sensitive information. | |||||
CVE-2020-11663 | 1 Broadcom | 1 Ca Api Developer Portal | 2020-04-20 | 5.8 MEDIUM | 6.1 MEDIUM |
CA API Developer Portal 4.3.1 and earlier handles 404 requests in an insecure manner, which allows attackers to perform open redirect attacks. | |||||
CVE-2020-11664 | 1 Broadcom | 1 Ca Api Developer Portal | 2020-04-20 | 5.8 MEDIUM | 6.1 MEDIUM |
CA API Developer Portal 4.3.1 and earlier handles homeRedirect page redirects in an insecure manner, which allows attackers to perform open redirect attacks. | |||||
CVE-2020-11665 | 1 Broadcom | 1 Ca Api Developer Portal | 2020-04-20 | 5.8 MEDIUM | 6.1 MEDIUM |
CA API Developer Portal 4.3.1 and earlier handles loginRedirect page redirects in an insecure manner, which allows attackers to perform open redirect attacks. | |||||
CVE-2020-6215 | 1 Sap | 1 Netweaver As Abap Business Server Pages | 2020-04-15 | 5.8 MEDIUM | 6.1 MEDIUM |
SAP NetWeaver AS ABAP Business Server Pages Test Application IT00, versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, allows an attacker to redirect users to a malicious site due to insufficient URL validation and steal credentials of the victim, leading to URL Redirection vulnerability. | |||||
CVE-2020-6223 | 1 Sap | 1 Businessobjects Business Intelligence Platform | 2020-04-15 | 5.8 MEDIUM | 6.1 MEDIUM |
The open document of SAP Business Objects Business Intelligence Platform, versions 4.1, 4.2, allows an attacker to modify certain error pages to include malicious content. This can misdirect a user who is tricked into accessing these error pages rendered by the application, leading to Content Spoofing. | |||||
CVE-2020-6211 | 1 Sap | 1 Businessobjects Business Intelligence Platform | 2020-04-15 | 5.8 MEDIUM | 6.1 MEDIUM |
SAP Business Objects Business Intelligence Platform (AdminTools), versions 4.1, 4.2, allows an attacker to redirect users to a malicious site due to insufficient URL validation and steal credentials of the victim, leading to URL Redirection vulnerability. | |||||