Total
918 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-6803 | 1 Mozilla | 1 Webthings Gateway | 2023-12-10 | 5.8 MEDIUM | 6.1 MEDIUM |
| An open redirect is present on the gateway's login page, which could cause a user to be redirected to a malicious site after logging in. | |||||
| CVE-2019-19703 | 1 Jetbrains | 1 Ktor | 2023-12-10 | 5.8 MEDIUM | 6.1 MEDIUM |
| In Ktor through 1.2.6, the client resends data from the HTTP Authorization header to a redirect location. | |||||
| CVE-2010-3669 | 1 Typo3 | 1 Typo3 | 2023-12-10 | 4.9 MEDIUM | 5.4 MEDIUM |
| TYPO3 before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows XSS and Open Redirection in the frontend login box. | |||||
| CVE-2019-19709 | 2 Debian, Mediawiki | 2 Debian Linux, Mediawiki | 2023-12-10 | 5.8 MEDIUM | 6.1 MEDIUM |
| MediaWiki through 1.33.1 allows attackers to bypass the Title_blacklist protection mechanism by starting with an arbitrary title, establishing a non-resolvable redirect for the associated page, and using redirect=1 in the action API when editing that page. | |||||
| CVE-2019-15041 | 1 Jetbrains | 1 Youtrack | 2023-12-10 | 5.8 MEDIUM | 6.1 MEDIUM |
| JetBrains YouTrack versions before 2019.1.52545 allowed unbounded URL whitelisting because of Inclusion of Functionality from an Untrusted Control Sphere. | |||||
| CVE-2019-1486 | 1 Microsoft | 2 Visual Studio 2019, Visual Studio Live Share | 2023-12-10 | 5.8 MEDIUM | 6.1 MEDIUM |
| A spoofing vulnerability exists in Visual Studio Live Share when a guest connected to a Live Share session is redirected to an arbitrary URL specified by the session host, aka 'Visual Studio Live Share Spoofing Vulnerability'. | |||||
| CVE-2019-18451 | 1 Gitlab | 1 Gitlab | 2023-12-10 | 5.8 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in GitLab Community and Enterprise Edition 10.7.4 through 12.4 in the InternalRedirect filtering feature. It has an Open Redirect. | |||||
| CVE-2019-4595 | 1 Ibm | 1 Sterling B2b Integrator | 2023-12-10 | 5.8 MEDIUM | 6.1 MEDIUM |
| IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 167878. | |||||
| CVE-2010-2471 | 2 Debian, Drupal | 2 Debian Linux, Drupal | 2023-12-10 | 5.8 MEDIUM | 6.1 MEDIUM |
| Drupal versions 5.x and 6.x has open redirection | |||||
| CVE-2016-1000107 | 1 Erlang | 1 Erlang\/otp | 2023-12-10 | 5.8 MEDIUM | 6.1 MEDIUM |
| inets in Erlang possibly 22.1 and earlier follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue. | |||||
| CVE-2019-8791 | 1 Apple | 1 Shazam | 2023-12-10 | 5.8 MEDIUM | 6.1 MEDIUM |
| An issue existed in the parsing of URL schemes. This issue was addressed with improved URL validation. This issue is fixed in Shazam Android App Version 9.25.0, Shazam iOS App Version 12.11.0. Processing a maliciously crafted URL may lead to an open redirect. | |||||
| CVE-2019-15688 | 1 Kaspersky | 5 Anti-virus, Internet Security, Security Cloud and 2 more | 2023-12-10 | 5.8 MEDIUM | 6.1 MEDIUM |
| Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Free Anti-Virus, Kaspersky Small Office Security, Kaspersky Security Cloud up to 2020, the web protection component did not adequately inform the user about the threat of redirecting to an untrusted site. Bypass. | |||||
| CVE-2019-18815 | 1 Popojicms | 1 Popojicms | 2023-12-10 | 5.8 MEDIUM | 6.1 MEDIUM |
| PopojiCMS 2.0.1 allows refer= Open Redirection. | |||||
| CVE-2010-3661 | 1 Typo3 | 1 Typo3 | 2023-12-10 | 5.8 MEDIUM | 6.1 MEDIUM |
| TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows Open Redirection on the backend. | |||||
| CVE-2020-7936 | 1 Plone | 1 Plone | 2023-12-10 | 5.8 MEDIUM | 6.1 MEDIUM |
| An open redirect on the login form (and possibly other places) in Plone 4.0 through 5.2.1 allows an attacker to craft a link to a Plone Site that, when followed, and possibly after login, will redirect to an attacker's site. | |||||
| CVE-2019-10098 | 1 Apache | 1 Http Server | 2023-12-10 | 5.8 MEDIUM | 6.1 MEDIUM |
| In Apache HTTP server 2.4.0 to 2.4.39, Redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an unexpected URL within the request URL. | |||||
| CVE-2019-6025 | 1 Sixapart | 1 Movable Type | 2023-12-10 | 5.8 MEDIUM | 6.1 MEDIUM |
| Open redirect vulnerability in Movable Type series Movable Type 7 r.4602 (7.1.3) and earlier (Movable Type 7), Movable Type 6.5.0 and 6.5.1 (Movable Type 6.5), Movable Type 6.3.9 and earlier (Movable Type 6.3.x, 6.2.x, 6.1.x, 6.0.x), Movable Type Advanced 7 r.4602 (7.1.3) and earlier (Movable Type 7), Movable Type Advanced 6.5.0 and 6.5.1 (Movable Type 6.5), Movable Type Advanced 6.3.9 and earlier (Movable Type 6.3.x, 6.2.x, 6.1.x, 6.0.x), Movable Type Premium 1.24 and earlier (Movable Type Premium), and Movable Type Premium (Advanced Edition) 1.24 and earlier (Movable Type Premium) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a specially crafted URL. | |||||
| CVE-2019-20225 | 1 Mybb | 1 Mybb | 2023-12-10 | 5.8 MEDIUM | 6.1 MEDIUM |
| MyBB before 1.8.22 allows an open redirect on login. | |||||
| CVE-2013-2621 | 1 Telaen Project | 1 Telaen | 2023-12-10 | 5.8 MEDIUM | 6.1 MEDIUM |
| Open Redirection Vulnerability in the redir.php script in Telaen before 1.3.1 allows remote attackers to redirect victims to arbitrary websites via a crafted URL. | |||||
| CVE-2014-9617 | 1 Netsweeper | 1 Netsweeper | 2023-12-10 | 5.8 MEDIUM | 6.1 MEDIUM |
| Open redirect vulnerability in remotereporter/load_logfiles.php in Netsweeper before 4.0.5 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the url parameter. | |||||