Total
920 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-16393 | 3 Canonical, Debian, Spip | 3 Ubuntu Linux, Debian Linux, Spip | 2023-12-10 | 5.8 MEDIUM | 6.1 MEDIUM |
| SPIP before 3.1.11 and 3.2 before 3.2.5 mishandles redirect URLs in ecrire/inc/headers.php with a %0D, %0A, or %20 character. | |||||
| CVE-2019-13422 | 1 Search-guard | 1 Search Guard | 2023-12-10 | 5.8 MEDIUM | 6.1 MEDIUM |
| Search Guard Kibana Plugin versions before 5.6.8-7 and before 6.x.y-12 had an issue that an attacker can redirect the user to a potentially malicious site upon Kibana login. | |||||
| CVE-2019-11585 | 1 Atlassian | 2 Jira, Jira Server | 2023-12-10 | 5.8 MEDIUM | 6.1 MEDIUM |
| The startup.jsp resource in Jira before version 7.13.6, from version 8.0.0 before version 8.2.3, and from version 8.3.0 before version 8.3.2 allows remote attackers to redirect users to a different website which they may use as part of performing a phishing attack via an open redirect. | |||||
| CVE-2019-3788 | 1 Cloudfoundry | 1 Uaa Release | 2023-12-10 | 5.8 MEDIUM | 6.1 MEDIUM |
| Cloud Foundry UAA Release, versions prior to 71.0, allows clients to be configured with an insecure redirect uri. Given a UAA client was configured with a wildcard in the redirect uri's subdomain, a remote malicious unauthenticated user can craft a phishing link to get a UAA access code from the victim. | |||||
| CVE-2016-10769 | 1 Cpanel | 1 Cpanel | 2023-12-10 | 5.8 MEDIUM | 6.1 MEDIUM |
| cPanel before 60.0.25 allows an open redirect via /cgi-sys/FormMail-clone.cgi (SEC-162). | |||||
| CVE-2019-8951 | 1 Bosch | 6 Divar Ip 2000, Divar Ip 2000 Firmware, Divar Ip 5000 and 3 more | 2023-12-10 | 5.8 MEDIUM | 6.1 MEDIUM |
| An Open Redirect vulnerability located in the webserver affects several Bosch hardware and software products. The vulnerability potentially allows a remote attacker to redirect users to an arbitrary URL. Affected hardware products: Bosch DIVAR IP 2000 (vulnerable versions: 3.10; 3.20; 3.21; 3.50; 3.51; 3.55; 3.60; 3.61; 3.62; fixed versions: 3.62.0019 and newer), Bosch DIVAR IP 5000 (vulnerable versions: 3.10; 3.20; 3.21; 3.50; 3.51; 3.55; 3.60; 3.61; 3.62; fixed versions: 3.80.0033 and newer). Affected software products: Video Recording Manager (VRM) (vulnerable versions: 3.20; 3.21; 3.50; 3.51; 3.55; 3.60; 3.61; 3.62; fixed versions: 3.70.0056 and newer; 3.81.0032 and newer), Bosch Video Management System (BVMS) (vulnerable versions: 3.50.00XX; 3.55.00XX; 3.60.00XX; fixed versions: 7.5; 3.70.0056). | |||||
| CVE-2019-10721 | 1 Dotnetblogengine | 1 Blogengine.net | 2023-12-10 | 5.8 MEDIUM | 6.1 MEDIUM |
| BlogEngine.NET 3.3.7.0 allows a Client Side URL Redirect via the ReturnUrl parameter, related to BlogEngine/BlogEngine.Core/Services/Security/Security.cs, login.aspx, and register.aspx. | |||||
| CVE-2019-4035 | 1 Ibm | 1 Content Navigator | 2023-12-10 | 4.9 MEDIUM | 5.4 MEDIUM |
| IBM Content Navigator 3.0CD could allow attackers to direct web traffic to a malicious site. If attackers make a fake IBM Content Navigator site, they can send a link to ICN users to send request to their Edit client directly. Then Edit client will download documents from the fake ICN website. IBM X-Force ID: 156001. | |||||
| CVE-2019-10856 | 1 Jupyter | 1 Notebook | 2023-12-10 | 5.8 MEDIUM | 6.1 MEDIUM |
| In Jupyter Notebook before 5.7.8, an open redirect can occur via an empty netloc. This issue exists because of an incomplete fix for CVE-2019-10255. | |||||
| CVE-2019-1020016 | 1 Ash-aio Project | 1 Ash-aio | 2023-12-10 | 5.8 MEDIUM | 6.1 MEDIUM |
| ASH-AIO before 2.0.0.3 allows an open redirect. | |||||
| CVE-2019-9915 | 1 Get-simple. | 1 Getsimplecms | 2023-12-10 | 5.8 MEDIUM | 6.1 MEDIUM |
| GetSimpleCMS 3.3.13 has an Open Redirect via the admin/index.php redirect parameter. | |||||
| CVE-2019-0540 | 1 Microsoft | 5 Excel Viewer, Office, Office 365 Proplus and 2 more | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
| A security feature bypass vulnerability exists when Microsoft Office does not validate URLs.An attacker could send a victim a specially crafted file, which could trick the victim into entering credentials, aka 'Microsoft Office Security Feature Bypass Vulnerability'. | |||||
| CVE-2019-15816 | 1 Wpexpertdeveloper | 1 Wp Private Content Plus | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| The wp-private-content-plus plugin before 2.0 for WordPress has no protection against option changes via save_settings_page and other save_ functions. | |||||
| CVE-2019-5978 | 1 Cybozu | 1 Garoon | 2023-12-10 | 5.8 MEDIUM | 6.1 MEDIUM |
| Open redirect vulnerability in Cybozu Garoon 4.0.0 to 4.10.2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the application 'Scheduler'. | |||||
| CVE-2019-4166 | 1 Ibm | 1 Storediq | 2023-12-10 | 5.8 MEDIUM | 6.1 MEDIUM |
| IBM StoredIQ 7.6 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 158699. | |||||
| CVE-2018-20698 | 1 Search-guard | 1 Search Guard | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| The floragunn Search Guard plugin before 6.x-16 for Kibana allows URL injection for login redirects on the login page when basePath is set. | |||||
| CVE-2019-15771 | 1 Components For Wp Bakery Page Builder Project | 1 Components For Wp Bakery Page Builder | 2023-12-10 | 5.8 MEDIUM | 6.1 MEDIUM |
| The nd-shortcodes plugin before 6.0 for WordPress has a nopriv_ AJAX action that allows modification of the siteurl setting. | |||||
| CVE-2019-4153 | 1 Ibm | 1 Security Access Manager | 2023-12-10 | 3.5 LOW | 6.8 MEDIUM |
| IBM Security Access Manager 9.0.1 through 9.0.6 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 158517. | |||||
| CVE-2019-10133 | 1 Moodle | 1 Moodle | 2023-12-10 | 5.8 MEDIUM | 6.1 MEDIUM |
| A flaw was found in Moodle before 3.7, 3.6.4, 3.5.6, 3.4.9 and 3.1.18. The form to upload cohorts contained a redirect field, which was not restricted to internal URLs. | |||||
| CVE-2019-15772 | 1 Donations Project | 1 Donations | 2023-12-10 | 5.8 MEDIUM | 6.1 MEDIUM |
| The nd-donations plugin before 1.4 for WordPress has a nopriv_ AJAX action that allows modification of the siteurl setting. | |||||