Total
920 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-36029 | 2024-04-25 | N/A | 9.1 CRITICAL | ||
| Greenlight is an end-user interface for BigBlueButton servers. Versions prior to 2.13.0 have an open redirect vulnerability in the Login page due to unchecked the value of the `return_to` cookie. Versions 2.13.0 contains a patch for the issue. | |||||
| CVE-2022-36028 | 2024-04-25 | N/A | 9.1 CRITICAL | ||
| Greenlight is an end-user interface for BigBlueButton servers. Versions prior to 2.13.0 have an open redirect vulnerability in the Login page due to unchecked the value of the `return_to` cookie. Versions 2.13.0 contains a patch for the issue. | |||||
| CVE-2024-32078 | 2024-04-24 | N/A | 4.1 MEDIUM | ||
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Foliovision FV Flowplayer Video Player.This issue affects FV Flowplayer Video Player: from n/a through 7.5.44.7212. | |||||
| CVE-2024-28076 | 2024-04-19 | N/A | 7.0 HIGH | ||
| The SolarWinds Platform was susceptible to a Arbitrary Open Redirection Vulnerability. A potential attacker can redirect to different domain when using URL parameter with relative entry in the correct format | |||||
| CVE-2024-2419 | 2024-04-17 | N/A | 7.1 HIGH | ||
| A flaw was found in Keycloak's redirect_uri validation logic. This issue may allow a bypass of otherwise explicitly allowed hosts. A successful attack may lead to the theft of an access token, making it possible for the attacker to impersonate other users. It is very similar to CVE-2023-6291. | |||||
| CVE-2024-1183 | 2024-04-16 | N/A | 6.5 MEDIUM | ||
| An SSRF (Server-Side Request Forgery) vulnerability exists in the gradio-app/gradio repository, allowing attackers to scan and identify open ports within an internal network. By manipulating the 'file' parameter in a GET request, an attacker can discern the status of internal ports based on the presence of a 'Location' header or a 'File not allowed' error in the response. | |||||
| CVE-2024-32129 | 2024-04-15 | N/A | 4.7 MEDIUM | ||
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Freshworks Freshdesk (official).This issue affects Freshdesk (official): from n/a through 2.3.4. | |||||
| CVE-2021-1310 | 1 Cisco | 1 Webex Meetings | 2024-04-11 | 4.3 MEDIUM | 4.7 MEDIUM |
| A vulnerability in the web-based management interface of Cisco Webex Meetings could allow an unauthenticated, remote attacker to redirect a user to an untrusted web page, bypassing the warning mechanism that should prompt the user before the redirection. This vulnerability is due to improper input validation of the URL parameters in an HTTP request. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to redirect a user to a malicious website, bypassing the Webex URL check that should result in a warning before the redirection to the web page. Attackers may use this type of vulnerability, known as an open redirect attack, as part of a phishing attack to convince users to unknowingly visit malicious sites. | |||||
| CVE-2024-0781 | 1 Martmbithi | 1 Internet Banking System | 2024-04-11 | 4.0 MEDIUM | 6.1 MEDIUM |
| A vulnerability, which was classified as problematic, was found in CodeAstro Internet Banking System 1.0. This affects an unknown part of the file pages_client_signup.php. The manipulation of the argument Client Full Name with the input <meta http-equiv="refresh" content="0; url=https://vuldb.com" /> leads to open redirect. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-251697 was assigned to this vulnerability. | |||||
| CVE-2024-0545 | 1 Fairsketch | 1 Rise Ultimate Project Manager | 2024-04-11 | 5.0 MEDIUM | 6.1 MEDIUM |
| A vulnerability classified as problematic was found in CodeCanyon RISE Rise Ultimate Project Manager 3.5.3. This vulnerability affects unknown code of the file /index.php/signin. The manipulation of the argument redirect with the input http://evil.com leads to open redirect. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-250714 is the identifier assigned to this vulnerability. | |||||
| CVE-2023-4965 | 1 Phpipam | 1 Phpipam | 2024-04-11 | 3.3 LOW | 4.8 MEDIUM |
| A vulnerability was found in phpipam 1.5.1. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Header Handler. The manipulation of the argument X-Forwarded-Host leads to open redirect. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-239732. | |||||
| CVE-2023-3684 | 1 Livelyworks | 1 Articart | 2024-04-11 | 4.0 MEDIUM | 6.1 MEDIUM |
| A vulnerability was found in LivelyWorks Articart 2.0.1 and classified as problematic. Affected by this issue is some unknown functionality of the file /change-language/de_DE of the component Base64 Encoding Handler. The manipulation of the argument redirectTo leads to open redirect. The attack may be launched remotely. VDB-234230 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2023-24044 | 1 Plesk | 1 Obsidian | 2024-04-11 | N/A | 6.1 MEDIUM |
| A Host Header Injection issue on the Login page of Plesk Obsidian through 18.0.49 allows attackers to redirect users to malicious websites via a Host request header. NOTE: the vendor's position is "the ability to use arbitrary domain names to access the panel is an intended feature." | |||||
| CVE-2022-4589 | 1 Django Terms And Conditions Project | 1 Django Terms And Conditions | 2024-04-11 | N/A | 6.1 MEDIUM |
| A vulnerability has been found in cyface Terms and Conditions Module up to 2.0.9 and classified as problematic. Affected by this vulnerability is the function returnTo of the file termsandconditions/views.py. The manipulation leads to open redirect. The attack can be launched remotely. Upgrading to version 2.0.10 is able to address this issue. The name of the patch is 03396a1c2e0af95e12a45c5faef7e47a4b513e1a. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-216175. | |||||
| CVE-2021-28861 | 2 Fedoraproject, Python | 2 Fedora, Python | 2024-04-11 | N/A | 7.4 HIGH |
| Python 3.x through 3.10 has an open redirection vulnerability in lib/http/server.py due to no protection against multiple (/) at the beginning of URI path which may leads to information disclosure. NOTE: this is disputed by a third party because the http.server.html documentation page states "Warning: http.server is not recommended for production. It only implements basic security checks." | |||||
| CVE-2020-36665 | 1 Seotool Project | 1 Seotool | 2024-04-11 | 5.2 MEDIUM | 6.1 MEDIUM |
| A vulnerability was found in Artesãos SEOTools up to 0.17.1 and classified as critical. This issue affects the function eachValue of the file TwitterCards.php. The manipulation of the argument value leads to open redirect. Upgrading to version 0.17.2 is able to address this issue. The identifier of the patch is ca27cd0edf917e0bc805227013859b8b5a1f01fb. It is recommended to upgrade the affected component. The identifier VDB-222233 was assigned to this vulnerability. | |||||
| CVE-2020-36664 | 1 Seotool Project | 1 Seotool | 2024-04-11 | 5.2 MEDIUM | 6.1 MEDIUM |
| A vulnerability has been found in Artesãos SEOTools up to 0.17.1 and classified as problematic. This vulnerability affects the function setTitle of the file SEOMeta.php. The manipulation of the argument title leads to open redirect. Upgrading to version 0.17.2 is able to address this issue. The name of the patch is ca27cd0edf917e0bc805227013859b8b5a1f01fb. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-222232. | |||||
| CVE-2020-36663 | 1 Seotool Project | 1 Seotool | 2024-04-11 | 5.2 MEDIUM | 6.1 MEDIUM |
| A vulnerability, which was classified as problematic, was found in Artesãos SEOTools up to 0.17.1. This affects the function makeTag of the file OpenGraph.php. The manipulation of the argument value leads to open redirect. Upgrading to version 0.17.2 is able to address this issue. The patch is named ca27cd0edf917e0bc805227013859b8b5a1f01fb. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-222231. | |||||
| CVE-2020-36627 | 1 Go-macaron | 1 I18n | 2024-04-11 | N/A | 6.1 MEDIUM |
| A vulnerability was found in Macaron i18n. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file i18n.go. The manipulation leads to open redirect. The attack can be launched remotely. Upgrading to version 0.5.0 is able to address this issue. The name of the patch is 329b0c4844cc16a5a253c011b55180598e707735. It is recommended to upgrade the affected component. The identifier VDB-216745 was assigned to this vulnerability. | |||||
| CVE-2017-20164 | 1 Symbiote | 1 Seed | 2024-04-11 | 6.5 MEDIUM | 6.1 MEDIUM |
| A vulnerability was found in Symbiote Seed up to 6.0.2. It has been classified as critical. Affected is the function onBeforeSecurityLogin of the file code/extensions/SecurityLoginExtension.php of the component Login. The manipulation of the argument URL leads to open redirect. It is possible to launch the attack remotely. Upgrading to version 6.0.3 is able to address this issue. The patch is identified as b065ebd82da53009d273aa7e989191f701485244. It is recommended to upgrade the affected component. VDB-217626 is the identifier assigned to this vulnerability. | |||||