Total
1159 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-4964 | 1 Microfocus | 2 Asset Management X, Service Management Automation X | 2024-11-21 | N/A | 8.2 HIGH |
| Potential open redirect vulnerability in opentext Service Management Automation X (SMAX) versions 2020.05, 2020.08, 2020.11, 2021.02, 2021.05, 2021.08, 2021.11, 2022.05, 2022.11 and opentext Asset Management X (AMX) versions 2021.08, 2021.11, 2022.05, 2022.11. The vulnerability could allow attackers to redirect a user to malicious websites. | |||||
| CVE-2023-49438 | 1 Flask-security-too Project | 1 Flask-security-too | 2024-11-21 | N/A | 6.1 MEDIUM |
| An open redirect vulnerability in the python package Flask-Security-Too <=5.3.2 allows attackers to redirect unsuspecting users to malicious sites via a crafted URL by abusing the ?next parameter on the /login and /register routes. | |||||
| CVE-2023-49281 | 1 Cainor | 1 Calendarinho | 2024-11-21 | N/A | 4.7 MEDIUM |
| Calendarinho is an open source calendaring application to manage large teams of consultants. An Open Redirect issue occurs when a web application redirects users to external URLs without proper validation. This can lead to phishing attacks, where users are tricked into visiting malicious sites, potentially leading to information theft and reputational damage to the website used for redirection. The problem is has been patched in commit `15b2393`. Users are advised to update to a commit after `15b2393`. There are no known workarounds for this vulnerability. | |||||
| CVE-2023-49104 | 1 Owncloud | 1 Oauth2 | 2024-11-21 | N/A | 8.7 HIGH |
| An issue was discovered in ownCloud owncloud/oauth2 before 0.6.1, when Allow Subdomains is enabled. An attacker is able to pass in a crafted redirect-url that bypasses validation, and consequently allows an attacker to redirect callbacks to a Top Level Domain controlled by the attacker. | |||||
| CVE-2023-49061 | 1 Mozilla | 1 Firefox | 2024-11-21 | N/A | 6.1 MEDIUM |
| An attacker could have performed HTML template injection via Reader Mode and exfiltrated user information. This vulnerability affects Firefox for iOS < 120. | |||||
| CVE-2023-48815 | 1 Keking | 1 Kkfileview | 2024-11-21 | N/A | 6.1 MEDIUM |
| kkFileView v4.3.0 is vulnerable to Incorrect Access Control. | |||||
| CVE-2023-48325 | 1 Pluginops | 1 Landing Page Builder | 2024-11-21 | N/A | 4.7 MEDIUM |
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in PluginOps Landing Page Builder – Lead Page – Optin Page – Squeeze Page – WordPress Landing Pages.This issue affects Landing Page Builder – Lead Page – Optin Page – Squeeze Page – WordPress Landing Pages: from n/a through 1.5.1.5. | |||||
| CVE-2023-48003 | 1 Aspnetzero | 1 Asp.net Zero | 2024-11-21 | N/A | 6.1 MEDIUM |
| An open redirect through HTML injection in user messages in Asp.Net Zero before 12.3.0 allows remote attackers to redirect targeted victims to any URL via the '<meta http-equiv="refresh"' in the WebSocket messages. | |||||
| CVE-2023-47779 | 1 Crmperks | 1 Integration For Constant Contact And Contact Form 7\, Wpforms\, Elementor\, Ninja | 2024-11-21 | N/A | 4.7 MEDIUM |
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in CRM Perks. Integration for Constant Contact and Contact Form 7, WPForms, Elementor, Ninja Forms.This issue affects Integration for Constant Contact and Contact Form 7, WPForms, Elementor, Ninja Forms: from n/a through 1.1.4. | |||||
| CVE-2023-47548 | 1 Softlabbd | 1 Integrate Google Drive | 2024-11-21 | N/A | 4.7 MEDIUM |
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in SoftLab Integrate Google Drive – Browse, Upload, Download, Embed, Play, Share, Gallery, and Manage Your Google Drive Files Into Your WordPress Site.This issue affects Integrate Google Drive – Browse, Upload, Download, Embed, Play, Share, Gallery, and Manage Your Google Drive Files Into Your WordPress Site: from n/a through 1.3.2. | |||||
| CVE-2023-47168 | 1 Mattermost | 1 Mattermost | 2024-11-21 | N/A | 4.3 MEDIUM |
| Mattermost fails to properly check a redirect URL parameter allowing for an open redirect was possible when the user clicked "Back to Mattermost" after providing a invalid custom url scheme in /oauth/{service}/mobile_login?redirect_to= | |||||
| CVE-2023-46688 | 1 Pleasanter | 1 Pleasanter | 2024-11-21 | N/A | 6.1 MEDIUM |
| Open redirect vulnerability in Pleasanter 1.3.47.0 and earlier allows a remote unauthenticated attacker to redirect users to arbitrary web sites via a specially crafted URL. | |||||
| CVE-2023-46624 | 1 Parcelpro | 1 Parcel Pro | 2024-11-21 | N/A | 4.7 MEDIUM |
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Parcel Pro.This issue affects Parcel Pro: from n/a through 1.6.11. | |||||
| CVE-2023-45909 | 1 Zzzcms | 1 Zzzphp | 2024-11-21 | N/A | 6.1 MEDIUM |
| zzzcms v2.2.0 was discovered to contain an open redirect vulnerability. | |||||
| CVE-2023-45762 | 1 Michaeluno | 1 Responsive Column Widgets | 2024-11-21 | N/A | 4.7 MEDIUM |
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Michael Uno (miunosoft) Responsive Column Widgets.This issue affects Responsive Column Widgets: from n/a through 1.2.7. | |||||
| CVE-2023-45203 | 1 Projectworlds | 1 Online Examination System | 2024-11-21 | N/A | 6.1 MEDIUM |
| Online Examination System v1.0 is vulnerable to multiple Open Redirect vulnerabilities. The 'q' parameter of the login.php resource allows an attacker to redirect a victim user to an arbitrary web site using a crafted URL. | |||||
| CVE-2023-45202 | 1 Projectworlds | 1 Online Examination System | 2024-11-21 | N/A | 6.1 MEDIUM |
| Online Examination System v1.0 is vulnerable to multiple Open Redirect vulnerabilities. The 'q' parameter of the feed.php resource allows an attacker to redirect a victim user to an arbitrary web site using a crafted URL. | |||||
| CVE-2023-45201 | 1 Projectworlds | 1 Online Examination System | 2024-11-21 | N/A | 6.1 MEDIUM |
| Online Examination System v1.0 is vulnerable to multiple Open Redirect vulnerabilities. The 'q' parameter of the admin.php resource allows an attacker to redirect a victim user to an arbitrary web site using a crafted URL. | |||||
| CVE-2023-45105 | 1 Servit | 1 Affiliate-toolkit | 2024-11-21 | N/A | 4.7 MEDIUM |
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in SERVIT Software Solutions affiliate-toolkit – WordPress Affiliate Plugin.This issue affects affiliate-toolkit – WordPress Affiliate Plugin: from n/a through 3.3.9. | |||||
| CVE-2023-42502 | 1 Apache | 1 Superset | 2024-11-21 | N/A | 4.8 MEDIUM |
| An authenticated attacker with update datasets permission could change a dataset link to an untrusted site by spoofing the HTTP Host header, users could be redirected to this site when clicking on that specific dataset. This issue affects Apache Superset versions before 3.0.0. | |||||