Total
1111 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-41609 | 1 Couchcms | 1 Couchcms | 2024-11-21 | N/A | 6.1 MEDIUM |
| An open redirect vulnerability in the sanitize_url() parameter of CouchCMS v2.3 allows attackers to redirect a victim user to an arbitrary web site via a crafted URL. | |||||
| CVE-2023-41080 | 2 Apache, Debian | 2 Tomcat, Debian Linux | 2024-11-21 | N/A | 6.1 MEDIUM |
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in FORM authentication feature Apache Tomcat.This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.0.12, from 9.0.0-M1 through 9.0.79 and from 8.5.0 through 8.5.92. The vulnerability is limited to the ROOT (default) web application. | |||||
| CVE-2023-40779 | 1 Icewarp | 1 Deep Castle G2 | 2024-11-21 | N/A | 6.1 MEDIUM |
| An issue in IceWarp Mail Server Deep Castle 2 v.13.0.1.2 allows a remote attacker to execute arbitrary code via a crafted request to the URL. | |||||
| CVE-2023-40602 | 1 Doofinder | 1 Doofinder | 2024-11-21 | N/A | 4.7 MEDIUM |
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Doofinder Doofinder WP & WooCommerce Search.This issue affects Doofinder WP & WooCommerce Search: from n/a through 1.5.49. | |||||
| CVE-2023-40306 | 1 Sap | 1 S\/4hana | 2024-11-21 | N/A | 6.1 MEDIUM |
| SAP S/4HANA Manage Catalog Items and Cross-Catalog searches Fiori apps allow an attacker to redirect users to a malicious site due to insufficient URL validation. As a result, it may have a slight impact on confidentiality and integrity. | |||||
| CVE-2023-3771 | 1 T1 Project | 1 T1 | 2024-11-21 | N/A | 6.1 MEDIUM |
| The T1 WordPress theme through 19.0 is vulnerable to unauthenticated open redirect with which any attacker and redirect users to arbitrary websites. | |||||
| CVE-2023-3684 | 1 Livelyworks | 1 Articart | 2024-11-21 | 4.0 MEDIUM | 3.5 LOW |
| A vulnerability was found in LivelyWorks Articart 2.0.1 and classified as problematic. Affected by this issue is some unknown functionality of the file /change-language/de_DE of the component Base64 Encoding Handler. The manipulation of the argument redirectTo leads to open redirect. The attack may be launched remotely. VDB-234230 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2023-3568 | 1 Fossbilling | 1 Fossbilling | 2024-11-21 | N/A | 6.3 MEDIUM |
| Open Redirect in GitHub repository alextselegidis/easyappointments prior to 1.5.0. | |||||
| CVE-2023-3515 | 1 Gitea | 1 Gitea | 2024-11-21 | N/A | 4.4 MEDIUM |
| Open Redirect in GitHub repository go-gitea/gitea prior to 1.19.4. | |||||
| CVE-2023-39968 | 1 Jupyter | 1 Jupyter Server | 2024-11-21 | N/A | 4.3 MEDIUM |
| jupyter-server is the backend for Jupyter web applications. Open Redirect Vulnerability. Maliciously crafted login links to known Jupyter Servers can cause successful login or an already logged-in session to be redirected to arbitrary sites, which should be restricted to Jupyter Server-served URLs. This issue has been addressed in commit `29036259` which is included in release 2.7.2. Users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
| CVE-2023-39371 | 1 Startrinity | 1 Softswitch | 2024-11-21 | N/A | 8.8 HIGH |
| StarTrinity Softswitch version 2023-02-16 - Open Redirect (CWE-601) | |||||
| CVE-2023-39364 | 2 Cacti, Fedoraproject | 2 Cacti, Fedora | 2024-11-21 | N/A | 3.5 LOW |
| Cacti is an open source operational monitoring and fault management framework. In Cacti 1.2.24, users with console access can be redirected to an arbitrary website after a change password performed via a specifically crafted URL. The `auth_changepassword.php` file accepts `ref` as a URL parameter and reflects it in the form used to perform the change password. It's value is used to perform a redirect via `header` PHP function. A user can be tricked in performing the change password operation, e.g., via a phishing message, and then interacting with the malicious website where the redirection has been performed, e.g., downloading malwares, providing credentials, etc. This issue has been addressed in version 1.2.25. Users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
| CVE-2023-38998 | 1 Opnsense | 1 Opnsense | 2024-11-21 | N/A | 6.1 MEDIUM |
| An open redirect in the Login page of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows attackers to redirect a victim user to an arbitrary web site via a crafted URL. | |||||
| CVE-2023-38574 | 1 I-pro | 1 Video Insight | 2024-11-21 | N/A | 6.1 MEDIUM |
| Open redirect vulnerability in VI Web Client prior to 7.9.6 allows a remote unauthenticated attacker to redirect users to arbitrary web sites and conduct phishing attacks via a specially crafted URL. | |||||
| CVE-2023-38481 | 1 Crmperks | 1 Integration For Woocommerce And Zoho Crm\, Books\, Invoice\, Inventory\, Bigin | 2024-11-21 | N/A | 4.7 MEDIUM |
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in CRM Perks Integration for WooCommerce and Zoho CRM, Books, Invoice, Inventory, Bigin.This issue affects Integration for WooCommerce and Zoho CRM, Books, Invoice, Inventory, Bigin: from n/a before 1.3.7. | |||||
| CVE-2023-38478 | 1 Crmperks | 1 Integration For Woocommerce And Quickbooks | 2024-11-21 | N/A | 4.7 MEDIUM |
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in CRM Perks Integration for WooCommerce and QuickBooks.This issue affects Integration for WooCommerce and QuickBooks: from n/a through 1.2.3. | |||||
| CVE-2023-37982 | 1 Crmperks | 1 Integration For Salesforce And Contact Form 7\, Wpforms\, Elementor\, Ninja Forms | 2024-11-21 | N/A | 4.7 MEDIUM |
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in CRM Perks Integration for Salesforce and Contact Form 7, WPForms, Elementor, Ninja Forms.This issue affects Integration for Salesforce and Contact Form 7, WPForms, Elementor, Ninja Forms: from n/a through 1.3.3. | |||||
| CVE-2023-37947 | 1 Jenkins | 1 Openshift Login | 2024-11-21 | N/A | 6.1 MEDIUM |
| Jenkins OpenShift Login Plugin 1.1.0.227.v27e08dfb_1a_20 and earlier improperly determines that a redirect URL after login is legitimately pointing to Jenkins, allowing attackers to perform phishing attacks. | |||||
| CVE-2023-37624 | 1 Netdisco | 1 Netdisco | 2024-11-21 | N/A | 6.1 MEDIUM |
| Netdisco before v2.063000 was discovered to contain an open redirect vulnerability. An attacker may exploit this vulnerability to redirect users to arbitrary web URLs by tricking the victim users to click on crafted links. | |||||
| CVE-2023-37561 | 1 Elecom | 8 Wrh-300wh-h, Wrh-300wh-h Firmware, Wtc-300hwh and 5 more | 2024-11-21 | N/A | 6.1 MEDIUM |
| Open redirect vulnerability in ELECOM wireless LAN routers and ELECOM wireless LAN repeaters allows a remote unauthenticated attacker to redirect users to arbitrary web sites and conduct phishing attacks via a specially crafted URL. Affected products and versions are as follows: WRH-300WH-H v2.12 and earlier, WTC-300HWH v1.09 and earlier, WTC-C1167GC-B v1.17 and earlier, and WTC-C1167GC-W v1.17 and earlier. | |||||