Total
1159 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-31095 | 1 Crmperks | 1 Database For Contact Form 7\, Wpforms\, Elementor Forms | 2024-11-21 | N/A | 4.7 MEDIUM |
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in CRM Perks Integration for HubSpot and Contact Form 7, WPForms, Elementor, Ninja Forms.This issue affects Integration for HubSpot and Contact Form 7, WPForms, Elementor, Ninja Forms: from n/a through 1.2.8. | |||||
| CVE-2023-30433 | 1 Ibm | 1 Security Verify Access | 2024-11-21 | N/A | 6.5 MEDIUM |
| IBM Security Verify Access 10.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 252186. | |||||
| CVE-2023-2000 | 1 Mattermost | 1 Mattermost Desktop | 2024-11-21 | N/A | 5.4 MEDIUM |
| Mattermost Desktop App fails to validate a mattermost server redirection and navigates to an arbitrary website | |||||
| CVE-2023-29540 | 1 Mozilla | 2 Firefox, Focus | 2024-11-21 | N/A | 6.1 MEDIUM |
| Using a redirect embedded into <code>sourceMappingUrls</code> could allow for navigation to external protocol links in sandboxed iframes without <code>allow-top-navigation-to-custom-protocols</code>. This vulnerability affects Firefox for Android < 112, Firefox < 112, and Focus for Android < 112. | |||||
| CVE-2023-29307 | 1 Adobe | 2 Experience Manager, Experience Manager Cloud Service | 2024-11-21 | N/A | 5.4 MEDIUM |
| Adobe Experience Manager versions 6.5.16.0 (and earlier) is affected by a URL Redirection to Untrusted Site ('Open Redirect') vulnerability. A low-privilege authenticated attacker could leverage this vulnerability to redirect users to malicious websites. Exploitation of this issue requires user interaction. | |||||
| CVE-2023-29204 | 1 Xwiki | 1 Xwiki | 2024-11-21 | N/A | 4.7 MEDIUM |
| XWiki Commons are technical libraries common to several other top level XWiki projects. It is possible to bypass the existing security measures put in place to avoid open redirect by using a redirect such as `//mydomain.com` (i.e. omitting the `http:`). It was also possible to bypass it when using URL such as `http:/mydomain.com`. The problem has been patched on XWiki 13.10.10, 14.4.4 and 14.8RC1. | |||||
| CVE-2023-28874 | 1 Seafile | 1 Seafile | 2024-11-21 | N/A | 6.1 MEDIUM |
| The next parameter in the /accounts/login endpoint of Seafile 9.0.6 allows attackers to redirect users to arbitrary sites. | |||||
| CVE-2023-28799 | 1 Zscaler | 1 Client Connector | 2024-11-21 | N/A | 8.2 HIGH |
| A URL parameter during login flow was vulnerable to injection. An attacker could insert a malicious domain in this parameter, which would redirect the user after auth and send the authorization token to the redirected domain. | |||||
| CVE-2023-28786 | 1 Solidwp | 1 Solid Security | 2024-11-21 | N/A | 3.7 LOW |
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in SolidWP Solid Security – Password, Two Factor Authentication, and Brute Force Protection.This issue affects Solid Security – Password, Two Factor Authentication, and Brute Force Protection: from n/a through 8.1.4. | |||||
| CVE-2023-28628 | 1 Lambdaisland | 1 Uri | 2024-11-21 | N/A | 5.4 MEDIUM |
| lambdaisland/uri is a pure Clojure/ClojureScript URI library. In versions prior to 1.14.120 `authority-regex` allows an attacker to send malicious URLs to be parsed by the `lambdaisland/uri` and return the wrong authority. This issue is similar to but distinct from CVE-2020-8910. The regex in question doesn't handle the backslash (`\`) character in the username correctly, leading to a wrong output. ex. a payload of `https://example.com\\@google.com` would return that the host is `google.com`, but the correct host should be `example.com`. Given that the library returns the wrong authority this may be abused to bypass host restrictions depending on how the library is used in an application. Users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
| CVE-2023-28364 | 1 Brave | 1 Browser | 2024-11-21 | N/A | 6.1 MEDIUM |
| An Open Redirect vulnerability exists prior to version 1.52.117, where the built-in QR scanner in Brave Browser Android navigated to scanned URLs automatically without showing the URL first. Now the user must manually navigate to the URL. | |||||
| CVE-2023-28069 | 1 Dell | 1 Streaming Data Platform | 2024-11-21 | N/A | 6.1 MEDIUM |
| Dell Streaming Data Platform prior to 1.4 contains Open Redirect vulnerability. A remote unauthenticated attacker can phish the legitimate user to redirect to malicious website leading to information disclosure and launch of phishing attacks. | |||||
| CVE-2023-28020 | 1 Hcltech | 1 Bigfix Webui | 2024-11-21 | N/A | 4.7 MEDIUM |
| URL redirection in Login page in HCL BigFix WebUI allows malicious user to redirect the client browser to an external site via redirect URL response header. | |||||
| CVE-2023-26494 | 1 Thethingsnetwork | 1 Lorawan-stack | 2024-11-21 | N/A | 6.1 MEDIUM |
| lorawan-stack is an open source LoRaWAN network server. Prior to version 3.24.1, an open redirect exists on the login page of the lorawan stack server, allowing an attacker to supply a user controlled redirect upon sign in. This issue may allows malicious actors to phish users, as users assume they were redirected to the homepage on login. Version 3.24.1 contains a fix. | |||||
| CVE-2023-24735 | 1 Sigb | 1 Pmb | 2024-11-21 | N/A | 6.1 MEDIUM |
| PMB v7.4.6 was discovered to contain an open redirect vulnerability via the component /opac_css/pmb.php. This vulnerability allows attackers to redirect victim users to an external domain via a crafted URL. | |||||
| CVE-2023-24030 | 1 Zimbra | 1 Collaboration | 2024-11-21 | N/A | 6.1 MEDIUM |
| An open redirect vulnerability exists in the /preauth Servlet in Zimbra Collaboration Suite through 9.0 and 8.8.15. To exploit the vulnerability, an attacker would need to have obtained a valid zimbra auth token or a valid preauth token. Once the token is obtained, an attacker could redirect a user to any URL if url sanitisation is bypassed in incoming requests. NOTE: this is similar, but not identical, to CVE-2021-34807. | |||||
| CVE-2023-23957 | 1 Symantec | 1 Identity Portal | 2024-11-21 | N/A | 5.4 MEDIUM |
| An authenticated user can see and modify the value for ‘next’ query parameter in Symantec Identity Portal 14.4 | |||||
| CVE-2023-23860 | 1 Sap | 1 Netweaver Application Server Abap | 2024-11-21 | N/A | 6.1 MEDIUM |
| SAP NetWeaver AS for ABAP and ABAP Platform - versions 740, 750, 751, 752, 753, 754, 755, 756, 757, 789, 790, allows an unauthenticated attacker to craft a link, which when clicked by an unsuspecting user can be used to redirect a user to a malicious site which could read or modify some sensitive information or expose the victim to a phishing attack. | |||||
| CVE-2023-23855 | 1 Sap | 1 Solution Manager | 2024-11-21 | N/A | 6.5 MEDIUM |
| SAP Solution Manager - version 720, allows an authenticated attacker to redirect users to a malicious site due to insufficient URL validation. A successful attack could lead an attacker to read or modify the information or expose the user to a phishing attack. As a result, it has a low impact to confidentiality, integrity and availability. | |||||
| CVE-2023-23853 | 1 Sap | 1 Netweaver Application Server Abap | 2024-11-21 | N/A | 6.1 MEDIUM |
| An unauthenticated attacker in AP NetWeaver Application Server for ABAP and ABAP Platform - versions 700, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 789, 790, can craft a link which when clicked by an unsuspecting user can be used to redirect a user to a malicious site which could read or modify some sensitive information or expose the victim to a phishing attack. Vulnerability has no direct impact on availability. | |||||