Total
1111 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-37561 | 1 Elecom | 8 Wrh-300wh-h, Wrh-300wh-h Firmware, Wtc-300hwh and 5 more | 2024-11-21 | N/A | 6.1 MEDIUM |
| Open redirect vulnerability in ELECOM wireless LAN routers and ELECOM wireless LAN repeaters allows a remote unauthenticated attacker to redirect users to arbitrary web sites and conduct phishing attacks via a specially crafted URL. Affected products and versions are as follows: WRH-300WH-H v2.12 and earlier, WTC-300HWH v1.09 and earlier, WTC-C1167GC-B v1.17 and earlier, and WTC-C1167GC-W v1.17 and earlier. | |||||
| CVE-2023-36085 | 1 Sisqualwfm | 1 Sisqualwfm | 2024-11-21 | N/A | 6.1 MEDIUM |
| The sisqualWFM 7.1.319.103 thru 7.1.319.111 for Android, has a host header injection vulnerability in its "/sisqualIdentityServer/core/" endpoint. By modifying the HTTP Host header, an attacker can change webpage links and even redirect users to arbitrary or malicious locations. This can lead to phishing attacks, malware distribution, and unauthorized access to sensitive resources. | |||||
| CVE-2023-35948 | 1 Novu | 1 Novu | 2024-11-21 | N/A | 5.4 MEDIUM |
| Novu provides an API for sending notifications through multiple channels. Versions prior to 0.16.0 contain an open redirect vulnerability in the "Sign In with GitHub" functionality of Novu's open-source repository. It could have allowed an attacker to force a victim into opening a malicious URL and thus, potentially log into the repository under the victim's account gaining full control of the account. This vulnerability only affected the Novu Cloud and Open-Source deployments if the user manually enabled the GitHub OAuth on their self-hosted instance of Novu. Users should upgrade to version 0.16.0 to receive a patch. | |||||
| CVE-2023-35883 | 1 Magazine3 | 1 Core Web Vitals \& Pagespeed Booster | 2024-11-21 | N/A | 4.7 MEDIUM |
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Magazine3 Core Web Vitals & PageSpeed Booster.This issue affects Core Web Vitals & PageSpeed Booster: from n/a through 1.0.12. | |||||
| CVE-2023-35791 | 1 Vound-software | 1 Intella Connect | 2024-11-21 | N/A | 6.1 MEDIUM |
| Vound Intella Connect 2.6.0.3 has an Open Redirect vulnerability. | |||||
| CVE-2023-35171 | 1 Nextcloud | 1 Nextcloud Server | 2024-11-21 | N/A | 4.1 MEDIUM |
| NextCloud Server and NextCloud Enterprise Server provide file storage for Nextcloud, a self-hosted productivity platform. Starting in version 26.0.0 and prior to version 26.0.2, an attacker could supply a URL that redirects an unsuspecting victim from a legitimate domain to an attacker's site. Nextcloud Server and Nextcloud Enterprise Server 26.0.2 contain a patch for this issue. No known workarounds are available. | |||||
| CVE-2023-35029 | 1 Liferay | 2 Dxp, Liferay Portal | 2024-11-21 | N/A | 6.1 MEDIUM |
| Open redirect vulnerability in the Layout module's SEO configuration in Liferay Portal 7.4.3.70 through 7.4.3.76, and Liferay DXP 7.4 update 70 through 76 allows remote attackers to redirect users to arbitrary external URLs via the `_com_liferay_layout_admin_web_portlet_GroupPagesPortlet_backURL` parameter. | |||||
| CVE-2023-34917 | 1 Cms Project | 1 Cms | 2024-11-21 | N/A | 6.1 MEDIUM |
| Fuge CMS v1.0 contains an Open Redirect vulnerability in member/RegisterAct.java. | |||||
| CVE-2023-34916 | 1 Cms Project | 1 Cms | 2024-11-21 | N/A | 6.1 MEDIUM |
| Fuge CMS v1.0 contains an Open Redirect vulnerability via /front/ProcessAct.java. | |||||
| CVE-2023-34415 | 1 Mozilla | 1 Firefox | 2024-11-21 | N/A | 6.1 MEDIUM |
| When choosing a site-isolated process for a document loaded from a data: URL that was the result of a redirect, Firefox would load that document in the same process as the site that issued the redirect. This bypassed the site-isolation protections against Spectre-like attacks on sites that host an "open redirect". Firefox no longer follows HTTP redirects to data: URLs. This vulnerability affects Firefox < 114. | |||||
| CVE-2023-34247 | 1 Keystonejs | 1 Keystone | 2024-11-21 | N/A | 6.1 MEDIUM |
| Keystone is a content management system for Node.JS. There is an open redirect in the `@keystone-6/auth` package versions 7.0.0 and prior, where the redirect leading `/` filter can be bypassed. Users may be redirected to domains other than the relative host, thereby it might be used by attackers to re-direct users to an unexpected location. To mitigate this issue, one may apply a patch from pull request 8626 or avoid using the `@keystone-6/auth` package. | |||||
| CVE-2023-34224 | 1 Jetbrains | 1 Teamcity | 2024-11-21 | N/A | 4.8 MEDIUM |
| In JetBrains TeamCity before 2023.05 open redirect during oAuth configuration was possible | |||||
| CVE-2023-34020 | 2024-11-21 | N/A | 4.7 MEDIUM | ||
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Uncanny Owl Uncanny Toolkit for LearnDash.This issue affects Uncanny Toolkit for LearnDash: from n/a through 3.6.4.3. | |||||
| CVE-2023-32551 | 1 Canonical | 1 Landscape | 2024-11-21 | N/A | 6.1 MEDIUM |
| Landscape allowed URLs which caused open redirection. | |||||
| CVE-2023-32517 | 1 Ibericode | 1 Mailchimp | 2024-11-21 | N/A | 4.7 MEDIUM |
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in PluginOps MailChimp Subscribe Form, Optin Builder, PopUp Builder, Form Builder.This issue affects MailChimp Subscribe Form, Optin Builder, PopUp Builder, Form Builder: from n/a through 4.0.9.3. | |||||
| CVE-2023-32218 | 1 Avaya | 1 Ix Workforce Engagement | 2024-11-21 | N/A | 6.1 MEDIUM |
| Avaya IX Workforce Engagement v15.2.7.1195 - CWE-601: URL Redirection to Untrusted Site ('Open Redirect') | |||||
| CVE-2023-32101 | 1 Pexlechris | 1 Library Viewer | 2024-11-21 | N/A | 4.7 MEDIUM |
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Pexle Chris Library Viewer.This issue affects Library Viewer: from n/a through 2.0.6. | |||||
| CVE-2023-32068 | 1 Xwiki | 1 Xwiki | 2024-11-21 | N/A | 4.7 MEDIUM |
| XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In versions prior to 14.10.4 it's possible to exploit well known parameters in XWiki URLs to perform redirection to untrusted site. This vulnerability was partially fixed in the past for XWiki 12.10.7 and 13.3RC1 but there is still the possibility to force specific URLs to skip some checks, e.g. using URLs like `http:example.com` in the parameter would allow the redirect. The issue has now been patched against all patterns that are known for performing redirects. This issue has been patched in XWiki 14.10.4 and 15.0. Users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
| CVE-2023-31245 | 2 Control4, Snapone | 13 Ca-1, Ca-10, Ea-1 and 10 more | 2024-11-21 | N/A | 7.1 HIGH |
| Devices using Snap One OvrC cloud are sent to a web address when accessing a web management interface using a HTTP connection. Attackers could impersonate a device and supply malicious information about the device’s web server interface. By supplying malicious parameters, an attacker could redirect the user to arbitrary and dangerous locations on the web. | |||||
| CVE-2023-31237 | 1 Zephyr Project Manager Project | 1 Zephyr Project Manager | 2024-11-21 | N/A | 4.7 MEDIUM |
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Dylan James Zephyr Project Manager.This issue affects Zephyr Project Manager: from n/a through 3.3.9. | |||||