Total: 922 CVEs
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
---|---|---|---|---|---|---|
CVE-2018-19790 | 3 Debian, Fedoraproject, Sensiolabs | 3 Debian Linux, Fedora, Symfony | 2023-12-10 | 5.8 MEDIUM | 6.1 MEDIUM | An open redirect was discovered in Symfony 2.7.x before 2.7.50, 2.8.x before 2.8.49, 3.x before 3.4.20, 4.0.x before 4.0.15, 4.1.x before 4.1.9 and 4.2.x before 4.2.1. By using backslashes in the `_failure_path` input field of login forms, an attacker can work around the redirection target restrictions and effectively redirect the user to any domain after login. |
CVE-2018-3774 | 1 Url-parse Project | 1 Url-parse | 2023-12-10 | 7.5 HIGH | 10.0 CRITICAL | Incorrect parsing in url-parse <1.4.3 returns a wrong hostname, which leads to multiple vulnerabilities such as SSRF, open redirect and authentication protocol bypass. |
CVE-2018-7692 | 1 Microfocus | 1 Edirectory | 2023-12-10 | 5.8 MEDIUM | 6.1 MEDIUM | Unvalidated redirect vulnerability in NetIQ eDirectory before 9.1.1 HF1. |
CVE-2018-1939 | 1 Ibm | 1 Cloud Private | 2023-12-10 | 5.8 MEDIUM | 6.1 MEDIUM | IBM Cloud Private 3.1.1 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 153319. |
CVE-2018-1704 | 1 Ibm | 2 Platform Symphony, Spectrum Symphony | 2023-12-10 | 4.9 MEDIUM | 5.4 MEDIUM | IBM Platform Symphony 7.1 Fix Pack 1 and 7.1.1 and IBM Spectrum Symphony 7.1.2 and 7.2.0.2 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 146339. |
CVE-2018-1736 | 1 Ibm | 1 Websphere Portal | 2023-12-10 | 5.8 MEDIUM | 6.1 MEDIUM | IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 147906. |
CVE-2018-17870 | 1 Btiteam | 1 Xbtit | 2023-12-10 | 5.8 MEDIUM | 6.1 MEDIUM | An issue was discovered in BTITeam XBTIT 2.5.4. The "returnto" parameter of account_change.php is vulnerable to an open redirect, a different vulnerability than CVE-2018-15683. |
CVE-2019-6780 | 1 Kaine | 1 Wise Chat | 2023-12-10 | 5.8 MEDIUM | 6.1 MEDIUM | The Wise Chat plugin before 2.7 for WordPress mishandles external links because rendering/filters/post/WiseChatLinksPostFilter.php omits noopener and noreferrer. |
CVE-2018-15683 | 1 Btiteam | 1 Xbtit | 2023-12-10 | 5.8 MEDIUM | 6.1 MEDIUM | An issue was discovered in BTITeam XBTIT. The "returnto" parameter of the login page is vulnerable to an open redirect due to a lack of validation. If a user is already logged in when accessing the page, they will be instantly redirected. |
CVE-2016-10742 | 2 Debian, Zabbix | 2 Debian Linux, Zabbix | 2023-12-10 | 5.8 MEDIUM | 6.1 MEDIUM | Zabbix before 2.2.21rc1, 3.x before 3.0.13rc1, 3.1.x and 3.2.x before 3.2.10rc1, and 3.3.x and 3.4.x before 3.4.4rc1 allows open redirect via the request parameter. |
CVE-2019-3912 | 1 Labkey | 1 Labkey Server | 2023-12-10 | 5.8 MEDIUM | 6.1 MEDIUM | An open redirect vulnerability in LabKey Server Community Edition before 18.3.0-61806.763 via the /__r1/ returnURL parameter allows an unauthenticated remote attacker to redirect users to arbitrary web sites. |
CVE-2018-16954 | 1 Oracle | 1 Webcenter Interaction | 2023-12-10 | 5.8 MEDIUM | 6.1 MEDIUM | An issue was discovered in Oracle WebCenter Interaction Portal 10.3.3. The login function of the portal is vulnerable to insecure redirection (also called an open redirect). The in_hi_redirect parameter is not validated by the application after a successful login. NOTE: this CVE is assigned by MITRE and isn't validated by Oracle because Oracle WebCenter Interaction Portal is out of support. |
CVE-2013-0594 | 1 Ibm | 1 Inotes | 2023-12-10 | 5.8 MEDIUM | 6.1 MEDIUM | Open redirect vulnerability in IBM iNotes before 8.5.3 Fix Pack 6 and 9.x before 9.0.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. IBM X-Force ID: 83383. |
CVE-2018-14398 | 1 Cremecrm | 1 Cremecrm | 2023-12-10 | 5.8 MEDIUM | 6.1 MEDIUM | An issue was discovered in Creme CRM 1.6.12. The value of the cancel button uses the content of the HTTP Referer header, and could be used to trick a user into visiting a fake login page in order to steal credentials. |
CVE-2018-12675 | 1 Sv3c | 4 H.264 Poe Ip Camera Firmware, Sv-b01poe-1080p-l, Sv-b11vpoe-1080p-l and 1 more | 2023-12-10 | 5.8 MEDIUM | 6.1 MEDIUM | The SV3C HD Camera (L-SERIES V2.3.4.2103-S50-NTD-B20170508B and V2.3.4.2103-S50-NTD-B20170823B) does not perform origin checks on URLs that the camera's web interface redirects a user to. This can be leveraged to send a user to an unexpected endpoint. |
CVE-2017-15419 | 3 Debian, Google, Redhat | 5 Debian Linux, Chrome, Enterprise Linux Desktop and 2 more | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM | Insufficient policy enforcement in the Resource Timing API in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to infer browsing history by triggering a leaked cross-origin URL via a crafted HTML page. |
CVE-2018-13813 | 1 Siemens | 22 Simatic Hmi Comfort Outdoor Panels, Simatic Hmi Comfort Outdoor Panels Firmware, Simatic Hmi Comfort Panels and 19 more | 2023-12-10 | 5.8 MEDIUM | 8.1 HIGH | A vulnerability has been identified in SIMATIC HMI Comfort Panels 4" - 22" (All versions < V15 Update 4), SIMATIC HMI Comfort Outdoor Panels 7" & 15" (All versions < V15 Update 4), SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions < V15 Update 4), SIMATIC WinCC Runtime Advanced (All versions < V15 Update 4), SIMATIC WinCC Runtime Professional (All versions < V15 Update 4), SIMATIC WinCC (TIA Portal) (All versions < V15 Update 4), SIMATIC HMI Classic Devices (TP/MP/OP/MP Mobile Panel) (All versions). The webserver of affected HMI devices may allow URL redirections to untrusted websites. An attacker must trick a valid user who is authenticated to the device into clicking on a malicious link to exploit the vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. |
CVE-2018-13401 | 1 Atlassian | 2 Jira, Jira Server | 2023-12-10 | 5.8 MEDIUM | 6.1 MEDIUM | The XsrfErrorAction resource in Atlassian Jira before version 7.6.9, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3, from version 7.10.0 before version 7.10.3, from version 7.11.0 before version 7.11.3, from version 7.12.0 before version 7.12.3, and before version 7.13.1 allows remote attackers to obtain a user's Cross-site request forgery (CSRF) token through an open redirect vulnerability. |
CVE-2018-2476 | 1 Sap | 1 Netweaver | 2023-12-10 | 5.8 MEDIUM | 6.1 MEDIUM | Due to insufficient URL validation in forums in SAP NetWeaver versions 7.30, 7.31, 7.40, an attacker can redirect users to a malicious site. |
CVE-2018-1251 | 1 Dell | 3 Emc Unity, Emc Unity Firmware, Emc Unityvsa | 2023-12-10 | 5.8 MEDIUM | 8.1 HIGH | Dell EMC Unity and UnityVSA versions prior to 4.3.1.1525703027 contain a URL redirection vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to redirect Unity users to arbitrary web URLs by tricking the victim user into clicking on a maliciously crafted Unisphere URL. An attacker could potentially phish information, including Unisphere users' credentials, from the victim once they are redirected. |