Total
1058 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-6021 | 1 Ricoh | 1 Limedio | 2020-01-06 | 5.8 MEDIUM | 6.1 MEDIUM |
| Open redirect vulnerability in Library Information Management System LIMEDIO all versions allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a specially crafted URL. | |||||
| CVE-2015-9540 | 1 Chamilo | 1 Chamilo Lms | 2020-01-06 | 5.8 MEDIUM | 6.1 MEDIUM |
| Chamilo LMS through 1.9.10.2 allows a link_goto.php?link_url= open redirect, a related issue to CVE-2015-5503. | |||||
| CVE-2019-18781 | 1 Zohocorp | 1 Manageengine Adselfservice Plus | 2020-01-06 | 5.8 MEDIUM | 6.1 MEDIUM |
| An open redirect vulnerability was discovered in Zoho ManageEngine ADSelfService Plus 5.x before 5809 that allows attackers to force users who click on a crafted link to be sent to a specified external site. | |||||
| CVE-2019-6035 | 1 Yahoo | 1 Athenz | 2020-01-04 | 5.8 MEDIUM | 6.1 MEDIUM |
| Open redirect vulnerability in Athenz v1.8.24 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a specially crafted page. | |||||
| CVE-2019-8791 | 1 Apple | 1 Shazam | 2020-01-02 | 5.8 MEDIUM | 6.1 MEDIUM |
| An issue existed in the parsing of URL schemes. This issue was addressed with improved URL validation. This issue is fixed in Shazam Android App Version 9.25.0, Shazam iOS App Version 12.11.0. Processing a maliciously crafted URL may lead to an open redirect. | |||||
| CVE-2016-1000107 | 1 Erlang | 1 Erlang\/otp | 2019-12-19 | 5.8 MEDIUM | 6.1 MEDIUM |
| inets in Erlang possibly 22.1 and earlier follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue. | |||||
| CVE-2014-3652 | 1 Redhat | 1 Keycloak | 2019-12-19 | 5.8 MEDIUM | 6.1 MEDIUM |
| JBoss KeyCloak: Open redirect vulnerability via failure to validate the redirect URL. | |||||
| CVE-2019-19775 | 1 Zulip | 1 Zulip Server | 2019-12-18 | 5.8 MEDIUM | 6.1 MEDIUM |
| The image thumbnailing handler in Zulip Server versions 1.9.0 to before 2.0.8 allowed an open redirect that was visible to logged-in users. | |||||
| CVE-2019-1486 | 1 Microsoft | 2 Visual Studio 2019, Visual Studio Live Share | 2019-12-16 | 5.8 MEDIUM | 6.1 MEDIUM |
| A spoofing vulnerability exists in Visual Studio Live Share when a guest connected to a Live Share session is redirected to an arbitrary URL specified by the session host, aka 'Visual Studio Live Share Spoofing Vulnerability'. | |||||
| CVE-2019-19703 | 1 Jetbrains | 1 Ktor | 2019-12-13 | 5.8 MEDIUM | 6.1 MEDIUM |
| In Ktor through 1.2.6, the client resends data from the HTTP Authorization header to a redirect location. | |||||
| CVE-2019-15688 | 1 Kaspersky | 5 Anti-virus, Internet Security, Security Cloud and 2 more | 2019-12-12 | 5.8 MEDIUM | 6.1 MEDIUM |
| Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Free Anti-Virus, Kaspersky Small Office Security, Kaspersky Security Cloud up to 2020, the web protection component did not adequately inform the user about the threat of redirecting to an untrusted site. Bypass. | |||||
| CVE-2014-2213 | 1 Posh Project | 1 Posh | 2019-12-03 | 5.8 MEDIUM | 6.1 MEDIUM |
| Open redirect vulnerability in the password reset functionality in POSH 3.0 through 3.2.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirect parameter to portal/scr_sendmd5.php. | |||||
| CVE-2019-18451 | 1 Gitlab | 1 Gitlab | 2019-11-27 | 5.8 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in GitLab Community and Enterprise Edition 10.7.4 through 12.4 in the InternalRedirect filtering feature. It has an Open Redirect. | |||||
| CVE-2018-13257 | 1 Blackboard | 1 Blackboard Learn | 2019-11-25 | 5.8 MEDIUM | 6.1 MEDIUM |
| The bb-auth-provider-cas authentication module within Blackboard Learn 2018-07-02 is susceptible to HTTP host header spoofing during Central Authentication Service (CAS) service ticket validation, enabling a phishing attack from the CAS server login page. | |||||
| CVE-2019-15073 | 1 Openfind | 1 Mail2000 | 2019-11-22 | 5.8 MEDIUM | 6.1 MEDIUM |
| An Open Redirect vulnerability for all browsers in MAIL2000 through version 6.0 and 7.0, which will redirect to a malicious site without authentication. This vulnerability affects many mail system of governments, organizations, companies and universities. | |||||
| CVE-2019-18815 | 1 Popojicms | 1 Popojicms | 2019-11-08 | 5.8 MEDIUM | 6.1 MEDIUM |
| PopojiCMS 2.0.1 allows refer= Open Redirection. | |||||
| CVE-2010-3669 | 1 Typo3 | 1 Typo3 | 2019-11-07 | 4.9 MEDIUM | 5.4 MEDIUM |
| TYPO3 before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows XSS and Open Redirection in the frontend login box. | |||||
| CVE-2010-3661 | 1 Typo3 | 1 Typo3 | 2019-11-04 | 5.8 MEDIUM | 6.1 MEDIUM |
| TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows Open Redirection on the backend. | |||||
| CVE-2017-5614 | 1 Cpanel | 1 Cpanel | 2019-10-31 | 5.8 MEDIUM | 6.1 MEDIUM |
| Open redirect vulnerability in cgiemail and cgiecho allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via vectors involving the (1) success or (2) failure parameter. | |||||
| CVE-2019-5433 | 1 Revive-adserver | 1 Revive Adserver | 2019-10-09 | 5.8 MEDIUM | 5.4 MEDIUM |
| A user having access to the UI of a Revive Adserver instance could be tricked into clicking on a specifically crafted admin account-switch.php URL that would eventually lead them to another (unsafe) domain, potentially used for stealing credentials or other phishing attacks. This vulnerability was addressed in version 4.2.0. | |||||