Total
1153 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-38197 | 1 Esri | 1 Arcgis Server | 2024-11-21 | N/A | 6.1 MEDIUM |
| Esri ArcGIS Server versions 10.9.1 and below have an unvalidated redirect issue that may allow a remote, unauthenticated attacker to phish a user into accessing an attacker controlled website via a crafted query parameter. | |||||
| CVE-2022-38131 | 1 Rstudio | 1 Connect | 2024-11-21 | N/A | 6.1 MEDIUM |
| RStudio Connect prior to 2023.01.0 is affected by an Open Redirect issue. The vulnerability could allow an attacker to redirect users to malicious websites. | |||||
| CVE-2022-37940 | 1 Hpe | 4 Flexfabric 5700 40xg 2qsfp\+, Flexfabric 5700 40xg 2qsfp\+ Firmware, Flexfabric 5700 48g 4xg 2qsfp\+ and 1 more | 2024-11-21 | N/A | 5.3 MEDIUM |
| Potential security vulnerabilities have been identified in the HPE FlexFabric 5700 Switch Series. These vulnerabilities could be remotely exploited to allow host header injection and URL redirection. HPE has made the following software to resolve the vulnerability in HPE FlexFabric 5700 Switch Series version R2432P61 or later. | |||||
| CVE-2022-35953 | 1 Joinbookwyrm | 1 Bookwyrm | 2024-11-21 | N/A | 7.1 HIGH |
| BookWyrm is a social network for tracking your reading, talking about books, writing reviews, and discovering what to read next. Some links in BookWyrm may be vulnerable to tabnabbing, a form of phishing that gives attackers an opportunity to redirect a user to a malicious site. The issue was patched in version 0.4.5. | |||||
| CVE-2022-35652 | 2 Fedoraproject, Moodle | 2 Fedora, Moodle | 2024-11-21 | N/A | 6.1 MEDIUM |
| An open redirect issue was found in Moodle due to improper sanitization of user-supplied data in mobile auto-login feature. A remote attacker can create a link that leads to a trusted website, however, when clicked, it redirects the victims to arbitrary URL/domain. Successful exploitation of this vulnerability may allow a remote attacker to perform a phishing attack and steal potentially sensitive information. | |||||
| CVE-2022-35406 | 1 Portswigger | 1 Burp Suite | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| A URL disclosure issue was discovered in Burp Suite before 2022.6. If a user views a crafted response in the Repeater or Intruder, it may be incorrectly interpreted as a redirect. | |||||
| CVE-2022-33712 | 2 Google, Samsung | 2 Android, Camera | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| Intent redirection vulnerability using implict intent in Camera prior to versions 12.0.01.64 ,12.0.3.23, 12.0.0.98, 12.0.6.11, 12.0.3.19 in Android S(12) allows attacker to get sensitive information. | |||||
| CVE-2022-33146 | 1 Web2py | 1 Web2py | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
| Open redirect vulnerability in web2py versions prior to 2.22.5 allows a remote attacker to redirect a user to an arbitrary web site and conduct a phishing attack by having a user to access a specially crafted URL. | |||||
| CVE-2022-32444 | 1 Yuba | 1 U5cms | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in u5cms verion 8.3.5 There is a URL redirection vulnerability that can cause a user's browser to be redirected to another site via /loginsave.php. | |||||
| CVE-2022-31735 | 1 Osstech | 1 Openam | 2024-11-21 | N/A | 6.1 MEDIUM |
| OpenAM Consortium Edition version 14.0.0 provided by OpenAM Consortium contains an open redirect vulnerability (CWE-601). When accessing an affected server through some specially crafted URL, the user may be redirected to an arbitrary website. | |||||
| CVE-2022-31657 | 3 Linux, Microsoft, Vmware | 6 Linux Kernel, Windows, Access Connector and 3 more | 2024-11-21 | N/A | 9.8 CRITICAL |
| VMware Workspace ONE Access and Identity Manager contain a URL injection vulnerability. A malicious actor with network access may be able to redirect an authenticated user to an arbitrary domain. | |||||
| CVE-2022-31193 | 1 Duraspace | 1 Dspace | 2024-11-21 | N/A | 7.1 HIGH |
| DSpace open source software is a repository application which provides durable access to digital resources. dspace-jspui is a UI component for DSpace. The JSPUI controlled vocabulary servlet is vulnerable to an open redirect attack, where an attacker can craft a malicious URL that looks like a legitimate DSpace/repository URL. When that URL is clicked by the target, it redirects them to a site of the attacker's choice. This issue has been patched in versions 5.11 and 6.4. Users are advised to upgrade. There are no known workaround for this vulnerability. | |||||
| CVE-2022-31151 | 1 Nodejs | 1 Undici | 2024-11-21 | N/A | 3.7 LOW |
| Authorization headers are cleared on cross-origin redirect. However, cookie headers which are sensitive headers and are official headers found in the spec, remain uncleared. There are active users using cookie headers in undici. This may lead to accidental leakage of cookie to a 3rd-party site or a malicious attacker who can control the redirection target (ie. an open redirector) to leak the cookie to the 3rd party site. This was patched in v5.7.1. By default, this vulnerability is not exploitable. Do not enable redirections, i.e. `maxRedirections: 0` (the default). | |||||
| CVE-2022-31040 | 1 Maykinmedia | 1 Open Forms | 2024-11-21 | 5.8 MEDIUM | 7.1 HIGH |
| Open Forms is an application for creating and publishing smart forms. Prior to versions 1.0.9 and 1.1.1, the cookie consent page in Open Forms contains an open redirect by injecting a `referer` querystring parameter and failing to validate the value. A malicious actor is able to redirect users to a website under their control, opening them up for phishing attacks. The redirect is initiated by the open forms backend which is a legimate page, making it less obvious to end users they are being redirected to a malicious website. Versions 1.0.9 and 1.1.1 contain patches for this issue. There are no known workarounds avaialble. | |||||
| CVE-2022-30992 | 3 Acronis, Linux, Microsoft | 3 Cyber Protect, Linux Kernel, Windows | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
| Open redirect via user-controlled query parameter. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 29240 | |||||
| CVE-2022-30706 | 1 Twinkletoessoftware | 1 Booked | 2024-11-21 | N/A | 6.1 MEDIUM |
| Open redirect vulnerability in Booked versions prior to 3.3 allows a remote unauthenticated attacker to redirect a user to an arbitrary web site and conduct a phishing attack by having a user to access a specially crafted URL. | |||||
| CVE-2022-30562 | 1 Dahuasecurity | 80 Asi7213x, Asi7213x-t1, Asi7213x-t1 Firmware and 77 more | 2024-11-21 | 4.0 MEDIUM | 4.7 MEDIUM |
| If the user enables the https function on the device, an attacker can modify the user’s request data packet through a man-in-the-middle attack ,Injection of a malicious URL in the Host: header of the HTTP Request results in a 302 redirect to an attacker-controlled page. | |||||
| CVE-2022-2252 | 1 Microweber | 1 Microweber | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
| Open Redirect in GitHub repository microweber/microweber prior to 1.2.19. | |||||
| CVE-2022-2250 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 5.8 MEDIUM | 4.7 MEDIUM |
| An open redirect vulnerability in GitLab EE/CE affecting all versions from 11.1 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1, allows an attacker to redirect users to an arbitrary location if they trust the URL. | |||||
| CVE-2022-29718 | 1 Caddyserver | 1 Caddy | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
| Caddy v2.4 was discovered to contain an open redirect vulnerability. A remote unauthenticated attacker may exploit this vulnerability to redirect users to arbitrary web URLs by tricking the victim users to click on crafted links. | |||||