Total: 924 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-37947 | 1 Jenkins | 1 Openshift Login | 2023-12-10 | N/A | 6.1 MEDIUM |
Jenkins OpenShift Login Plugin 1.1.0.227.v27e08dfb_1a_20 and earlier improperly determines that a redirect URL after login is legitimately pointing to Jenkins, allowing attackers to perform phishing attacks. | |||||
CVE-2023-40779 | 1 Icewarp | 1 Deep Castle G2 | 2023-12-10 | N/A | 6.1 MEDIUM |
An issue in IceWarp Mail Server Deep Castle 2 v.13.0.1.2 allows a remote attacker to execute arbitrary code via a crafted request to the URL. | |||||
CVE-2023-40306 | 1 Sap | 1 S/4hana | 2023-12-10 | N/A | 6.1 MEDIUM |
SAP S/4HANA Manage Catalog Items and Cross-Catalog searches Fiori apps allow an attacker to redirect users to a malicious site due to insufficient URL validation. As a result, it may have a slight impact on confidentiality and integrity. | |||||
CVE-2023-23957 | 1 Symantec | 1 Identity Portal | 2023-12-10 | N/A | 5.4 MEDIUM |
An authenticated user can see and modify the value for ‘next’ query parameter in Symantec Identity Portal 14.4. | |||||
CVE-2023-45201 | 1 Projectworlds | 1 Online Examination System | 2023-12-10 | N/A | 6.1 MEDIUM |
Online Examination System v1.0 is vulnerable to multiple Open Redirect vulnerabilities. The 'q' parameter of the admin.php resource allows an attacker to redirect a victim user to an arbitrary web site using a crafted URL. | |||||
CVE-2023-34916 | 1 Cms Project | 1 Cms | 2023-12-10 | N/A | 6.1 MEDIUM |
Fuge CMS v1.0 contains an Open Redirect vulnerability via /front/ProcessAct.java. | |||||
CVE-2023-28020 | 1 Hcltech | 1 Bigfix Webui | 2023-12-10 | N/A | 6.1 MEDIUM |
URL redirection in Login page in HCL BigFix WebUI allows malicious user to redirect the client browser to an external site via redirect URL response header. | |||||
CVE-2023-30433 | 1 Ibm | 1 Security Verify Access | 2023-12-10 | N/A | 5.4 MEDIUM |
IBM Security Verify Access 10.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 252186. | |||||
CVE-2023-38998 | 1 Opnsense | 1 Opnsense | 2023-12-10 | N/A | 6.1 MEDIUM |
An open redirect in the Login page of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows attackers to redirect a victim user to an arbitrary web site via a crafted URL. | |||||
CVE-2022-45582 | 1 Openstack | 1 Horizon | 2023-12-10 | N/A | 6.1 MEDIUM |
Open Redirect vulnerability in Horizon Web Dashboard 19.4.0 thru 20.1.4 via the success_url parameter. | |||||
CVE-2022-44215 | 1 Southrivertech | 1 Titan Ftp Server | 2023-12-10 | N/A | 6.1 MEDIUM |
There is an open redirect vulnerability in Titan FTP server 19.0 and below. Users are redirected to any target URL. | |||||
CVE-2022-27861 | 1 Arscode | 1 Ninja Popups | 2023-12-10 | N/A | 6.1 MEDIUM |
Unauth. Open Redirect vulnerability in Arscode Ninja Popups plugin <= 4.7.5 versions. | |||||
CVE-2023-37624 | 1 Netdisco | 1 Netdisco | 2023-12-10 | N/A | 6.1 MEDIUM |
Netdisco before v2.063000 was discovered to contain an open redirect vulnerability. An attacker may exploit this vulnerability to redirect users to arbitrary web URLs by tricking the victim users to click on crafted links. | |||||
CVE-2023-38574 | 1 I-pro | 1 Video Insight | 2023-12-10 | N/A | 6.1 MEDIUM |
Open redirect vulnerability in VI Web Client prior to 7.9.6 allows a remote unauthenticated attacker to redirect users to arbitrary web sites and conduct phishing attacks via a specially crafted URL. | |||||
CVE-2023-45202 | 1 Projectworlds | 1 Online Examination System | 2023-12-10 | N/A | 6.1 MEDIUM |
Online Examination System v1.0 is vulnerable to multiple Open Redirect vulnerabilities. The 'q' parameter of the feed.php resource allows an attacker to redirect a victim user to an arbitrary web site using a crafted URL. | |||||
CVE-2023-1279 | 1 Gitlab | 1 Gitlab | 2023-12-10 | N/A | 6.1 MEDIUM |
An issue has been discovered in GitLab affecting all versions starting from 4.1 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1 where it was possible to create a URL that would redirect to a different project. | |||||
CVE-2023-34917 | 1 Cms Project | 1 Cms | 2023-12-10 | N/A | 6.1 MEDIUM |
Fuge CMS v1.0 contains an Open Redirect vulnerability in member/RegisterAct.java. | |||||
CVE-2021-36580 | 1 Icewarp | 2 Icewarp Server, Mail Server | 2023-12-10 | N/A | 6.1 MEDIUM |
Open Redirect vulnerability exists in IceWarp MailServer IceWarp Server Deep Castle 2 Update 1 (13.0.1.2) via the referer parameter. | |||||
CVE-2018-25091 | 1 Python | 1 Urllib3 | 2023-12-10 | N/A | 6.1 MEDIUM |
urllib3 before 1.24.2 does not remove the authorization HTTP header when following a cross-origin redirect (i.e., a redirect that differs in host, port, or scheme). This can allow for credentials in the authorization header to be exposed to unintended hosts or transmitted in cleartext. NOTE: this issue exists because of an incomplete fix for CVE-2018-20060 (which was case-sensitive). | |||||
CVE-2023-41609 | 1 Couchcms | 1 Couchcms | 2023-12-10 | N/A | 6.1 MEDIUM |
An open redirect vulnerability in the sanitize_url() parameter of CouchCMS v2.3 allows attackers to redirect a victim user to an arbitrary web site via a crafted URL. |