Vulnerabilities (CVE)

Filtered by CWE-601
Total 910 CVE
CVE | Vendors (count, then names) | Products (count, then names) | Updated | CVSS v2 | CVSS v3
CVE-2019-6009 1 Ss-proj 1 Shirasagi 2023-12-10 5.8 MEDIUM 6.1 MEDIUM
Open redirect vulnerability in SHIRASAGI v1.7.0 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
CVE-2019-14912 1 Prise 1 Adas 2023-12-10 5.8 MEDIUM 6.1 MEDIUM
An issue was discovered in PRiSE adAS 1.7.0. The OPENSSO module does not properly check the goto parameter, leading to an open redirect that leaks the session cookie.
CVE-2018-13384 1 Fortinet 1 Fortios 2023-12-10 5.8 MEDIUM 6.1 MEDIUM
A Host Header Redirection vulnerability in Fortinet FortiOS all versions below 6.0.5 under SSL VPN web portal allows a remote attacker to potentially poison HTTP cache and subsequently redirect SSL VPN web portal users to arbitrary web domains.
CVE-2019-11016 1 Elgg 1 Elgg 2023-12-10 5.8 MEDIUM 6.1 MEDIUM
Elgg before 1.12.18 and 2.3.x before 2.3.11 has an open redirect.
CVE-2019-11269 2 Oracle, Pivotal Software 2 Banking Corporate Lending, Spring Security Oauth 2023-12-10 5.8 MEDIUM 5.4 MEDIUM
Spring Security OAuth versions 2.3 prior to 2.3.6, 2.2 prior to 2.2.5, 2.1 prior to 2.1.5, and 2.0 prior to 2.0.18, as well as older unsupported versions could be susceptible to an open redirector attack that can leak an authorization code. A malicious user or attacker can craft a request to the authorization endpoint using the authorization code grant type, and specify a manipulated redirection URI via the redirect_uri parameter. This can cause the authorization server to redirect the resource owner user-agent to a URI under the control of the attacker with the leaked authorization code.
CVE-2018-8913 1 Synology 1 Web Station 2023-12-10 5.8 MEDIUM 6.1 MEDIUM
Missing custom error page vulnerability in Synology Web Station before 2.1.3-0139 allows remote attackers to conduct phishing attacks via a crafted URL.
CVE-2017-5871 1 Odoo 1 Odoo 2023-12-10 5.8 MEDIUM 5.4 MEDIUM
Odoo Version <= 8.0-20160726 and Version 9 are affected by: CWE-601: Open redirection. The impact is: obtain sensitive information (remote).
CVE-2019-3778 2 Oracle, Pivotal Software 2 Banking Corporate Lending, Spring Security Oauth 2023-12-10 6.4 MEDIUM 6.5 MEDIUM
Spring Security OAuth, versions 2.3 prior to 2.3.5, and 2.2 prior to 2.2.4, and 2.1 prior to 2.1.4, and 2.0 prior to 2.0.17, and older unsupported versions could be susceptible to an open redirector attack that can leak an authorization code. A malicious user or attacker can craft a request to the authorization endpoint using the authorization code grant type, and specify a manipulated redirection URI via the "redirect_uri" parameter. This can cause the authorization server to redirect the resource owner user-agent to a URI under the control of the attacker with the leaked authorization code. This vulnerability exposes applications that meet all of the following requirements: act in the role of an Authorization Server (e.g. @EnableAuthorizationServer) and use the DefaultRedirectResolver in the AuthorizationEndpoint. This vulnerability does not expose applications that: act in the role of an Authorization Server and use a RedirectResolver implementation other than DefaultRedirectResolver, act in the role of a Resource Server only (e.g. @EnableResourceServer), or act in the role of a Client only (e.g. @EnableOAuthClient).
CVE-2017-18414 1 Cpanel 1 Cpanel 2023-12-10 5.8 MEDIUM 7.4 HIGH
cPanel before 67.9999.103 allows an open redirect in /unprotected/redirect.html (SEC-300).
CVE-2019-10117 1 Gitlab 1 Gitlab 2023-12-10 5.8 MEDIUM 6.1 MEDIUM
An Open Redirect issue was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. A redirect is triggered after successful authentication within the Oauth/:GeoAuthController for the secondary Geo node.
CVE-2019-15820 1 Login Or Logout Menu Item Project 1 Login Or Logout Menu Item 2023-12-10 5.8 MEDIUM 6.1 MEDIUM
The login-or-logout-menu-item plugin before 1.2.0 for WordPress has no requirement for lolmi_save_settings authentication.
CVE-2018-12621 1 Eventum Project 1 Eventum 2023-12-10 5.8 MEDIUM 6.1 MEDIUM
An issue was discovered in Eventum 3.5.0. /htdocs/switch.php has an Open Redirect via the current_page parameter.
CVE-2019-15775 1 Learning Courses Project 1 Learning Courses 2023-12-10 5.8 MEDIUM 6.1 MEDIUM
The nd-learning plugin before 4.8 for WordPress has a nopriv_ AJAX action that allows modification of the siteurl setting.
CVE-2019-5965 1 Joruri 1 Joruri Mail 2023-12-10 5.8 MEDIUM 6.1 MEDIUM
Open redirect vulnerability in Joruri Mail 2.1.4 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
CVE-2019-5969 1 Weseek 1 Growi 2023-12-10 5.8 MEDIUM 6.1 MEDIUM
Open redirect vulnerability in GROWI v3.4.6 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the login process.
CVE-2019-7416 1 Opentext 1 Documentum Webtop 2023-12-10 4.3 MEDIUM 6.1 MEDIUM
XSS and/or a Client Side URL Redirect exists in OpenText Documentum Webtop 5.3 SP2. The parameter startat in "/webtop/help/en/default.htm" is vulnerable.
CVE-2019-13175 1 Readthedocs 1 Read The Docs 2023-12-10 5.8 MEDIUM 6.1 MEDIUM
Read the Docs before 3.5.1 has an Open Redirect if certain user-defined redirects are used. This affects private instances of Read the Docs (in addition to the public readthedocs.org web sites).
CVE-2019-6004 1 Fujixerox 2 Apeosware Management Suite, Apeosware Management Suite 2 2023-12-10 5.8 MEDIUM 6.1 MEDIUM
Open redirect vulnerability in ApeosWare Management Suite Ver.1.4.0.18 and earlier, and ApeosWare Management Suite 2 Ver.2.1.2.4 and earlier, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
CVE-2019-3850 1 Moodle 1 Moodle 2023-12-10 5.8 MEDIUM 6.1 MEDIUM
A vulnerability was found in Moodle before versions 3.6.3, 3.5.5, 3.4.8 and 3.1.17. Links within assignment submission comments would open directly (in the same window). Although the links themselves may be valid, opening them in the same window and without the no-referrer header policy made them more susceptible to exploits.
CVE-2019-1943 1 Cisco 114 Sf200-24, Sf200-24 Firmware, Sf200-24fp and 111 more 2023-12-10 5.8 MEDIUM 6.1 MEDIUM
A vulnerability in the web interface of Cisco Small Business 200, 300, and 500 Series Switches software could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. The vulnerability is due to improper input validation of the parameters of an HTTP request. An attacker could exploit this vulnerability by intercepting a user's HTTP request and modifying it into a request that causes the web interface to redirect the user to a specific malicious URL. This type of vulnerability is known as an open redirect attack and is used in phishing attacks that get users to unknowingly visit malicious sites.