Total
1418 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-38662 | 1 Hcltech | 1 Hcl Digital Experience | 2025-04-18 | N/A | 6.1 MEDIUM |
| In HCL Digital Experience, URLs can be constructed to redirect users to untrusted sites. | |||||
| CVE-2024-42930 | 1 Pbootcms | 1 Pbootcms | 2025-04-17 | N/A | 6.1 MEDIUM |
| PbootCMS 3.2.8 is vulnerable to URL Redirect. | |||||
| CVE-2023-6552 | 1 Tasmoadmin | 1 Tasmoadmin | 2025-04-17 | N/A | 6.1 MEDIUM |
| Lack of "current" GET parameter validation during the action of changing a language leads to an open redirect vulnerability. | |||||
| CVE-2022-47500 | 1 Apache | 1 Helix | 2025-04-17 | N/A | 6.1 MEDIUM |
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Apache Software Foundation Apache Helix UI component.This issue affects Apache Helix all releases from 0.8.0 to 1.0.4. Solution: removed the the forward component since it was improper designed for UI embedding. User please upgrade to 1.1.0 to fix this issue. | |||||
| CVE-2022-46288 | 1 Jacic | 1 Electronic Bidding Core System | 2025-04-17 | N/A | 6.1 MEDIUM |
| Open redirect vulnerability in DENSHI NYUSATSU CORE SYSTEM v6 R4 and earlier allows a remote unauthenticated attacker to redirect a user to an arbitrary web site and conduct a phishing attack by having a user to access a specially crafted URL. | |||||
| CVE-2022-29910 | 2 Google, Mozilla | 2 Android, Firefox | 2025-04-16 | N/A | 6.1 MEDIUM |
| When closed or sent to the background, Firefox for Android would not properly record and persist HSTS settings.<br>*Note: This issue only affected Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 100. | |||||
| CVE-2022-34474 | 1 Mozilla | 1 Firefox | 2025-04-15 | N/A | 6.1 MEDIUM |
| Even when an iframe was sandboxed with <code>allow-top-navigation-by-user-activation</code>, if it received a redirect header to an external protocol the browser would process the redirect and prompt the user as appropriate. This vulnerability affects Firefox < 102. | |||||
| CVE-2022-29912 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2025-04-15 | N/A | 6.1 MEDIUM |
| Requests initiated through reader mode did not properly omit cookies with a SameSite attribute. This vulnerability affects Thunderbird < 91.9, Firefox ESR < 91.9, and Firefox < 100. | |||||
| CVE-2022-34478 | 2 Microsoft, Mozilla | 4 Windows, Firefox, Firefox Esr and 1 more | 2025-04-15 | N/A | 6.5 MEDIUM |
| The <code>ms-msdt</code>, <code>search</code>, and <code>search-ms</code> protocols deliver content to Microsoft applications, bypassing the browser, when a user accepts a prompt. These applications have had known vulnerabilities, exploited in the wild (although we know of none exploited through Thunderbird), so in this release Thunderbird has blocked these protocols from prompting the user to open them.<br>*This bug only affects Thunderbird on Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox < 102, Firefox ESR < 91.11, Thunderbird < 102, and Thunderbird < 91.11. | |||||
| CVE-2022-36316 | 1 Mozilla | 1 Firefox | 2025-04-15 | N/A | 6.1 MEDIUM |
| When using the Performance API, an attacker was able to notice subtle differences between PerformanceEntries and thus learn whether the target URL had been subject to a redirect. This vulnerability affects Firefox < 103. | |||||
| CVE-2022-45413 | 2 Google, Mozilla | 2 Android, Firefox | 2025-04-15 | N/A | 6.1 MEDIUM |
| Using the <code>S.browser_fallback_url parameter</code> parameter, an attacker could redirect a user to a URL and cause SameSite=Strict cookies to be sent.<br>*This issue only affects Firefox for Android. Other operating systems are not affected.*. This vulnerability affects Firefox < 107. | |||||
| CVE-2016-3047 | 1 Ibm | 1 Filenet Workplace | 2025-04-12 | 4.9 MEDIUM | 6.8 MEDIUM |
| Open redirect vulnerability in IBM FileNet Workplace 4.0.2 through 4.0.2.14 IF001 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | |||||
| CVE-2015-0697 | 1 Cisco | 1 Telepresence Tc Software | 2025-04-12 | 5.8 MEDIUM | N/A |
| Open redirect vulnerability in the login page in Cisco TC Software before 6.3-26 and 7.x before 7.3.0 on Cisco TelePresence Collaboration Desk and Room Endpoints devices allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, aka Bug ID CSCuq94980. | |||||
| CVE-2016-0204 | 1 Ibm | 1 Cloud Orchestrator | 2025-04-12 | 5.8 MEDIUM | 6.8 MEDIUM |
| Open redirect vulnerability in IBM Cloud Orchestrator 2.4.x before 2.4.0 FP3 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | |||||
| CVE-2015-5354 | 1 Novius-os | 1 Novius Os | 2025-04-12 | 5.8 MEDIUM | N/A |
| Open redirect vulnerability in Novius OS 5.0.1 (Elche) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirect parameter to admin/nos/login. | |||||
| CVE-2016-4604 | 1 Apple | 2 Iphone Os, Safari | 2025-04-12 | 5.8 MEDIUM | 5.4 MEDIUM |
| Safari in Apple iOS before 9.3.3 allows remote attackers to spoof the displayed URL via an HTTP response specifying redirection to an invalid TCP port number. | |||||
| CVE-2016-3174 | 1 Open-xchange | 1 Open-xchange Appsuite | 2025-04-12 | 4.3 MEDIUM | 7.4 HIGH |
| An issue was discovered in Open-Xchange OX AppSuite before 7.8.0-rev27. The "defer" servlet offers to redirect a client to a specified URL. Since some checks were missing, arbitrary URLs could be provided as redirection target. Users can be tricked to follow a link to a trustworthy domain but end up at an unexpected service later on. This vulnerability can be used to prepare and enhance phishing attacks. | |||||
| CVE-2016-1000001 | 1 Flask-oidc Project | 1 Flask-oidc | 2025-04-12 | 5.8 MEDIUM | 7.4 HIGH |
| flask-oidc version 0.1.2 and earlier is vulnerable to an open redirect | |||||
| CVE-2016-0928 | 1 Pivotal | 1 Cloud Foundry Elastic Runtime | 2025-04-12 | 5.8 MEDIUM | 7.4 HIGH |
| Multiple open redirect vulnerabilities in Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.6.30 and 1.7.x before 1.7.8 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | |||||
| CVE-2016-5385 | 8 Debian, Drupal, Fedoraproject and 5 more | 14 Debian Linux, Drupal, Fedora and 11 more | 2025-04-12 | 5.1 MEDIUM | 8.1 HIGH |
| PHP through 7.0.8 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, as demonstrated by (1) an application that makes a getenv('HTTP_PROXY') call or (2) a CGI configuration of PHP, aka an "httpoxy" issue. | |||||