Total
917 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-10113 | 1 Woocommerce | 1 Wooframework Tweaks | 2024-04-11 | 4.0 MEDIUM | 6.1 MEDIUM |
| A vulnerability classified as problematic was found in WooFramework Tweaks Plugin up to 1.0.1 on WordPress. Affected by this vulnerability is the function admin_screen_logic of the file wooframework-tweaks.php. The manipulation of the argument url leads to open redirect. The attack can be launched remotely. Upgrading to version 1.0.2 is able to address this issue. The identifier of the patch is 3b57d405149c1a59d1119da6e0bb8212732c9c88. It is recommended to upgrade the affected component. The identifier VDB-230653 was assigned to this vulnerability. | |||||
| CVE-2015-10112 | 1 Woocommerce | 1 Wooframework Branding | 2024-04-11 | 4.3 MEDIUM | 6.1 MEDIUM |
| A vulnerability classified as problematic has been found in WooFramework Branding Plugin up to 1.0.1 on WordPress. Affected is the function admin_screen_logic of the file wooframework-branding.php. The manipulation of the argument url leads to open redirect. It is possible to launch the attack remotely. Upgrading to version 1.0.2 is able to address this issue. The name of the patch is f12fccd7b5eaf66442346f748c901ef504742f78. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-230652. | |||||
| CVE-2015-10104 | 1 Woocommerce | 1 Icons For Features | 2024-04-11 | 4.0 MEDIUM | 6.1 MEDIUM |
| A vulnerability, which was classified as problematic, has been found in Icons for Features Plugin 1.0.0 on WordPress. Affected by this issue is some unknown functionality of the file classes/class-icons-for-features-admin.php. The manipulation of the argument redirect_url leads to open redirect. The attack may be launched remotely. Upgrading to version 1.0.1 is able to address this issue. The name of the patch is 63124c021ae24b68e56872530df26eb4268ad633. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-227756. | |||||
| CVE-2015-10102 | 1 Freshworks | 1 Freshdesk | 2024-04-11 | 6.5 MEDIUM | 6.1 MEDIUM |
| A vulnerability, which was classified as critical, has been found in Freshdesk Plugin 1.7 on WordPress. Affected by this issue is some unknown functionality. The manipulation leads to open redirect. The attack may be launched remotely. Upgrading to version 1.8 is able to address this issue. The patch is identified as 2aaecd4e0c7c6c1dc4e6a593163d5f7aa0fa5d5b. It is recommended to upgrade the affected component. VDB-226118 is the identifier assigned to this vulnerability. | |||||
| CVE-2015-10052 | 1 Gibb-modul-151 Project | 1 Gibb-modul-151 | 2024-04-11 | 5.5 MEDIUM | 6.1 MEDIUM |
| ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as problematic, was found in calesanz gibb-modul-151. This affects the function bearbeiten/login. The manipulation leads to open redirect. It is possible to initiate the attack remotely. The patch is named 88a517dc19443081210c804b655e72770727540d. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-218379. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2005-10001 | 1 Broadcom | 1 Symantec Siteminder | 2024-04-11 | 5.8 MEDIUM | 6.1 MEDIUM |
| A vulnerability was found in Netegrity SiteMinder up to 4.5.1 and classified as critical. Affected by this issue is the file /siteminderagent/pwcgi/smpwservicescgi.exe of the component Login. The manipulation of the argument target leads to an open redirect. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer | |||||
| CVE-2024-31253 | 2024-04-10 | N/A | 4.7 MEDIUM | ||
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in WP OAuth Server OAuth Server.This issue affects OAuth Server: from n/a through 4.3.3. | |||||
| CVE-2024-31282 | 2024-04-10 | N/A | 4.7 MEDIUM | ||
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Appcheap.Io App Builder.This issue affects App Builder: from n/a through 3.8.7. | |||||
| CVE-2024-31135 | 1 Jetbrains | 1 Teamcity | 2024-04-08 | N/A | 6.1 MEDIUM |
| In JetBrains TeamCity before 2024.03 open redirect was possible on the login page | |||||
| CVE-2024-31213 | 2024-04-08 | N/A | 3.5 LOW | ||
| InstantCMS is a free and open source content management system. An open redirect was found in the ICMS2 application version 2.16.2 when being redirected after modifying one's own user profile. An attacker could trick a victim into visiting their web application, thinking they are still present on the ICMS2 application. They could then host a website stating "To update your profile, please enter your password," upon which the user may type their password and send it to the attacker. As of time of publication, a patched version is not available. | |||||
| CVE-2022-45169 | 1 Liveboxcloud | 1 Vdesk | 2024-04-01 | N/A | 5.4 MEDIUM |
| An issue was discovered in LIVEBOX Collaboration vDesk through v031. A URL Redirection to an Untrusted Site (Open Redirect) can occur under the /api/v1/notification/createnotification endpoint, allowing an authenticated user to send an arbitrary push notification to any other user of the system. This push notification can include an (invisible) clickable link. | |||||
| CVE-2023-34020 | 2024-03-27 | N/A | 4.7 MEDIUM | ||
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Uncanny Owl Uncanny Toolkit for LearnDash.This issue affects Uncanny Toolkit for LearnDash: from n/a through 3.6.4.3. | |||||
| CVE-2024-29041 | 2024-03-26 | N/A | 6.1 MEDIUM | ||
| Express.js minimalist web framework for node. Versions of Express.js prior to 4.19.0 and all pre-release alpha and beta versions of 5.0 are affected by an open redirect vulnerability using malformed URLs. When a user of Express performs a redirect using a user-provided URL Express performs an encode [using `encodeurl`](https://github.com/pillarjs/encodeurl) on the contents before passing it to the `location` header. This can cause malformed URLs to be evaluated in unexpected ways by common redirect allow list implementations in Express applications, leading to an Open Redirect via bypass of a properly implemented allow list. The main method impacted is `res.location()` but this is also called from within `res.redirect()`. The vulnerability is fixed in 4.19.2 and 5.0.0-beta.3. | |||||
| CVE-2024-2465 | 2024-03-21 | N/A | N/A | ||
| Open redirection vulnerability in CDeX application allows to redirect users to arbitrary websites via a specially crafted URL.This issue affects CDeX application versions through 5.7.1. | |||||
| CVE-2024-27291 | 2024-03-21 | N/A | 6.1 MEDIUM | ||
| Docassemble is an expert system for guided interviews and document assembly. Prior to 1.4.97, it is possible to create a URL that acts as an open redirect. The vulnerability has been patched in version 1.4.97 of the master branch. | |||||
| CVE-2023-39364 | 2 Cacti, Fedoraproject | 2 Cacti, Fedora | 2024-03-18 | N/A | 5.4 MEDIUM |
| Cacti is an open source operational monitoring and fault management framework. In Cacti 1.2.24, users with console access can be redirected to an arbitrary website after a change password performed via a specifically crafted URL. The `auth_changepassword.php` file accepts `ref` as a URL parameter and reflects it in the form used to perform the change password. It's value is used to perform a redirect via `header` PHP function. A user can be tricked in performing the change password operation, e.g., via a phishing message, and then interacting with the malicious website where the redirection has been performed, e.g., downloading malwares, providing credentials, etc. This issue has been addressed in version 1.2.25. Users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
| CVE-2024-28113 | 2024-03-13 | N/A | 3.5 LOW | ||
| Peering Manager is a BGP session management tool. In Peering Manager <=1.8.2, it is possible to redirect users to an arbitrary page using a crafted url. As a result users can be redirected to an unexpected location. This issue has been addressed in version 1.8.3. Users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
| CVE-2024-28239 | 2024-03-13 | N/A | 5.4 MEDIUM | ||
| Directus is a real-time API and App dashboard for managing SQL database content. The authentication API has a `redirect` parameter that can be exploited as an open redirect vulnerability as the user tries to log in via the API URL. There's a redirect that is done after successful login via the Auth API GET request to `directus/auth/login/google?redirect=http://malicious-fishing-site.com`. While credentials don't seem to be passed to the attacker site, the user can be phished into clicking a legitimate directus site and be taken to a malicious site made to look like a an error message "Your password needs to be updated" to phish out the current password. Users who login via OAuth2 into Directus may be at risk. This issue has been addressed in version 10.10.0. Users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
| CVE-2024-1227 | 2024-03-12 | N/A | 6.5 MEDIUM | ||
| An open redirect vulnerability, the exploitation of which could allow an attacker to create a custom URL and redirect a legitimate page to a malicious site. | |||||
| CVE-2024-21723 | 2024-02-29 | N/A | N/A | ||
| Inadequate parsing of URLs could result into an open redirect. | |||||