Total
1111 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-31229 | 1 Wpdirectorykit | 1 Wp Directory Kit | 2024-11-21 | N/A | 4.7 MEDIUM |
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in WP Directory Kit.This issue affects WP Directory Kit: from n/a through 1.1.9. | |||||
| CVE-2023-31134 | 1 Tauri | 1 Tauri | 2024-11-21 | N/A | 4.8 MEDIUM |
| Tauri is software for building applications for multi-platform deployment. The Tauri IPC is usually strictly isolated from external websites, but in versions 1.0.0 until 1.0.9, 1.1.0 until 1.1.4, and 1.2.0 until 1.2.5, the isolation can be bypassed by redirecting an existing Tauri window to an external website. This is either possible by an application implementing a feature for users to visit arbitrary websites or due to a bug allowing the open redirect. This allows the external website access to the IPC layer and therefore to all configured and exposed Tauri API endpoints and application specific implemented Tauri commands. This issue has been patched in versions 1.0.9, 1.1.4, and 1.2.5. As a workaround, prevent arbitrary input in redirect features and/or only allow trusted websites access to the IPC. | |||||
| CVE-2023-31095 | 1 Crmperks | 1 Database For Contact Form 7\, Wpforms\, Elementor Forms | 2024-11-21 | N/A | 4.7 MEDIUM |
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in CRM Perks Integration for HubSpot and Contact Form 7, WPForms, Elementor, Ninja Forms.This issue affects Integration for HubSpot and Contact Form 7, WPForms, Elementor, Ninja Forms: from n/a through 1.2.8. | |||||
| CVE-2023-30433 | 1 Ibm | 1 Security Verify Access | 2024-11-21 | N/A | 6.5 MEDIUM |
| IBM Security Verify Access 10.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 252186. | |||||
| CVE-2023-2000 | 1 Mattermost | 1 Mattermost Desktop | 2024-11-21 | N/A | 5.4 MEDIUM |
| Mattermost Desktop App fails to validate a mattermost server redirection and navigates to an arbitrary website | |||||
| CVE-2023-29540 | 1 Mozilla | 2 Firefox, Focus | 2024-11-21 | N/A | 6.1 MEDIUM |
| Using a redirect embedded into <code>sourceMappingUrls</code> could allow for navigation to external protocol links in sandboxed iframes without <code>allow-top-navigation-to-custom-protocols</code>. This vulnerability affects Firefox for Android < 112, Firefox < 112, and Focus for Android < 112. | |||||
| CVE-2023-29307 | 1 Adobe | 2 Experience Manager, Experience Manager Cloud Service | 2024-11-21 | N/A | 5.4 MEDIUM |
| Adobe Experience Manager versions 6.5.16.0 (and earlier) is affected by a URL Redirection to Untrusted Site ('Open Redirect') vulnerability. A low-privilege authenticated attacker could leverage this vulnerability to redirect users to malicious websites. Exploitation of this issue requires user interaction. | |||||
| CVE-2023-29204 | 1 Xwiki | 1 Xwiki | 2024-11-21 | N/A | 4.7 MEDIUM |
| XWiki Commons are technical libraries common to several other top level XWiki projects. It is possible to bypass the existing security measures put in place to avoid open redirect by using a redirect such as `//mydomain.com` (i.e. omitting the `http:`). It was also possible to bypass it when using URL such as `http:/mydomain.com`. The problem has been patched on XWiki 13.10.10, 14.4.4 and 14.8RC1. | |||||
| CVE-2023-28874 | 1 Seafile | 1 Seafile | 2024-11-21 | N/A | 6.1 MEDIUM |
| The next parameter in the /accounts/login endpoint of Seafile 9.0.6 allows attackers to redirect users to arbitrary sites. | |||||
| CVE-2023-28799 | 1 Zscaler | 1 Client Connector | 2024-11-21 | N/A | 8.2 HIGH |
| A URL parameter during login flow was vulnerable to injection. An attacker could insert a malicious domain in this parameter, which would redirect the user after auth and send the authorization token to the redirected domain. | |||||
| CVE-2023-28786 | 1 Solidwp | 1 Solid Security | 2024-11-21 | N/A | 3.7 LOW |
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in SolidWP Solid Security – Password, Two Factor Authentication, and Brute Force Protection.This issue affects Solid Security – Password, Two Factor Authentication, and Brute Force Protection: from n/a through 8.1.4. | |||||
| CVE-2023-28628 | 1 Lambdaisland | 1 Uri | 2024-11-21 | N/A | 5.4 MEDIUM |
| lambdaisland/uri is a pure Clojure/ClojureScript URI library. In versions prior to 1.14.120 `authority-regex` allows an attacker to send malicious URLs to be parsed by the `lambdaisland/uri` and return the wrong authority. This issue is similar to but distinct from CVE-2020-8910. The regex in question doesn't handle the backslash (`\`) character in the username correctly, leading to a wrong output. ex. a payload of `https://example.com\\@google.com` would return that the host is `google.com`, but the correct host should be `example.com`. Given that the library returns the wrong authority this may be abused to bypass host restrictions depending on how the library is used in an application. Users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
| CVE-2023-28364 | 1 Brave | 1 Browser | 2024-11-21 | N/A | 6.1 MEDIUM |
| An Open Redirect vulnerability exists prior to version 1.52.117, where the built-in QR scanner in Brave Browser Android navigated to scanned URLs automatically without showing the URL first. Now the user must manually navigate to the URL. | |||||
| CVE-2023-28069 | 1 Dell | 1 Streaming Data Platform | 2024-11-21 | N/A | 6.1 MEDIUM |
| Dell Streaming Data Platform prior to 1.4 contains Open Redirect vulnerability. A remote unauthenticated attacker can phish the legitimate user to redirect to malicious website leading to information disclosure and launch of phishing attacks. | |||||
| CVE-2023-28020 | 1 Hcltech | 1 Bigfix Webui | 2024-11-21 | N/A | 4.7 MEDIUM |
| URL redirection in Login page in HCL BigFix WebUI allows malicious user to redirect the client browser to an external site via redirect URL response header. | |||||
| CVE-2023-26494 | 1 Thethingsnetwork | 1 Lorawan-stack | 2024-11-21 | N/A | 6.1 MEDIUM |
| lorawan-stack is an open source LoRaWAN network server. Prior to version 3.24.1, an open redirect exists on the login page of the lorawan stack server, allowing an attacker to supply a user controlled redirect upon sign in. This issue may allows malicious actors to phish users, as users assume they were redirected to the homepage on login. Version 3.24.1 contains a fix. | |||||
| CVE-2023-26159 | 1 Follow-redirects | 1 Follow Redirects | 2024-11-21 | N/A | 7.3 HIGH |
| Versions of the package follow-redirects before 1.15.4 are vulnerable to Improper Input Validation due to the improper handling of URLs by the url.parse() function. When new URL() throws an error, it can be manipulated to misinterpret the hostname. An attacker could exploit this weakness to redirect traffic to a malicious site, potentially leading to information disclosure, phishing attacks, or other security breaches. | |||||
| CVE-2023-24735 | 1 Sigb | 1 Pmb | 2024-11-21 | N/A | 6.1 MEDIUM |
| PMB v7.4.6 was discovered to contain an open redirect vulnerability via the component /opac_css/pmb.php. This vulnerability allows attackers to redirect victim users to an external domain via a crafted URL. | |||||
| CVE-2023-24030 | 1 Zimbra | 1 Collaboration | 2024-11-21 | N/A | 6.1 MEDIUM |
| An open redirect vulnerability exists in the /preauth Servlet in Zimbra Collaboration Suite through 9.0 and 8.8.15. To exploit the vulnerability, an attacker would need to have obtained a valid zimbra auth token or a valid preauth token. Once the token is obtained, an attacker could redirect a user to any URL if url sanitisation is bypassed in incoming requests. NOTE: this is similar, but not identical, to CVE-2021-34807. | |||||
| CVE-2023-23957 | 1 Symantec | 1 Identity Portal | 2024-11-21 | N/A | 5.4 MEDIUM |
| An authenticated user can see and modify the value for ‘next’ query parameter in Symantec Identity Portal 14.4 | |||||