Total
1250 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-34916 | 1 Cms Project | 1 Cms | 2024-11-21 | N/A | 6.1 MEDIUM |
| Fuge CMS v1.0 contains an Open Redirect vulnerability via /front/ProcessAct.java. | |||||
| CVE-2023-34415 | 1 Mozilla | 1 Firefox | 2024-11-21 | N/A | 6.1 MEDIUM |
| When choosing a site-isolated process for a document loaded from a data: URL that was the result of a redirect, Firefox would load that document in the same process as the site that issued the redirect. This bypassed the site-isolation protections against Spectre-like attacks on sites that host an "open redirect". Firefox no longer follows HTTP redirects to data: URLs. This vulnerability affects Firefox < 114. | |||||
| CVE-2023-34247 | 1 Keystonejs | 1 Keystone | 2024-11-21 | N/A | 6.1 MEDIUM |
| Keystone is a content management system for Node.JS. There is an open redirect in the `@keystone-6/auth` package versions 7.0.0 and prior, where the redirect leading `/` filter can be bypassed. Users may be redirected to domains other than the relative host, thereby it might be used by attackers to re-direct users to an unexpected location. To mitigate this issue, one may apply a patch from pull request 8626 or avoid using the `@keystone-6/auth` package. | |||||
| CVE-2023-34224 | 1 Jetbrains | 1 Teamcity | 2024-11-21 | N/A | 4.8 MEDIUM |
| In JetBrains TeamCity before 2023.05 open redirect during oAuth configuration was possible | |||||
| CVE-2023-32551 | 1 Canonical | 1 Landscape | 2024-11-21 | N/A | 6.1 MEDIUM |
| Landscape allowed URLs which caused open redirection. | |||||
| CVE-2023-32517 | 1 Ibericode | 1 Mailchimp | 2024-11-21 | N/A | 4.7 MEDIUM |
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in PluginOps MailChimp Subscribe Form, Optin Builder, PopUp Builder, Form Builder.This issue affects MailChimp Subscribe Form, Optin Builder, PopUp Builder, Form Builder: from n/a through 4.0.9.3. | |||||
| CVE-2023-32218 | 1 Avaya | 1 Ix Workforce Engagement | 2024-11-21 | N/A | 6.1 MEDIUM |
| Avaya IX Workforce Engagement v15.2.7.1195 - CWE-601: URL Redirection to Untrusted Site ('Open Redirect') | |||||
| CVE-2023-32101 | 1 Pexlechris | 1 Library Viewer | 2024-11-21 | N/A | 4.7 MEDIUM |
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Pexle Chris Library Viewer.This issue affects Library Viewer: from n/a through 2.0.6. | |||||
| CVE-2023-32068 | 1 Xwiki | 1 Xwiki | 2024-11-21 | N/A | 4.7 MEDIUM |
| XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In versions prior to 14.10.4 it's possible to exploit well known parameters in XWiki URLs to perform redirection to untrusted site. This vulnerability was partially fixed in the past for XWiki 12.10.7 and 13.3RC1 but there is still the possibility to force specific URLs to skip some checks, e.g. using URLs like `http:example.com` in the parameter would allow the redirect. The issue has now been patched against all patterns that are known for performing redirects. This issue has been patched in XWiki 14.10.4 and 15.0. Users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
| CVE-2023-31245 | 2 Control4, Snapone | 13 Ca-1, Ca-10, Ea-1 and 10 more | 2024-11-21 | N/A | 7.1 HIGH |
| Devices using Snap One OvrC cloud are sent to a web address when accessing a web management interface using a HTTP connection. Attackers could impersonate a device and supply malicious information about the device’s web server interface. By supplying malicious parameters, an attacker could redirect the user to arbitrary and dangerous locations on the web. | |||||
| CVE-2023-31237 | 1 Zephyr Project Manager Project | 1 Zephyr Project Manager | 2024-11-21 | N/A | 4.7 MEDIUM |
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Dylan James Zephyr Project Manager.This issue affects Zephyr Project Manager: from n/a through 3.3.9. | |||||
| CVE-2023-31229 | 1 Wpdirectorykit | 1 Wp Directory Kit | 2024-11-21 | N/A | 4.7 MEDIUM |
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in WP Directory Kit.This issue affects WP Directory Kit: from n/a through 1.1.9. | |||||
| CVE-2023-31134 | 1 Tauri | 1 Tauri | 2024-11-21 | N/A | 4.8 MEDIUM |
| Tauri is software for building applications for multi-platform deployment. The Tauri IPC is usually strictly isolated from external websites, but in versions 1.0.0 until 1.0.9, 1.1.0 until 1.1.4, and 1.2.0 until 1.2.5, the isolation can be bypassed by redirecting an existing Tauri window to an external website. This is either possible by an application implementing a feature for users to visit arbitrary websites or due to a bug allowing the open redirect. This allows the external website access to the IPC layer and therefore to all configured and exposed Tauri API endpoints and application specific implemented Tauri commands. This issue has been patched in versions 1.0.9, 1.1.4, and 1.2.5. As a workaround, prevent arbitrary input in redirect features and/or only allow trusted websites access to the IPC. | |||||
| CVE-2023-31095 | 1 Crmperks | 1 Database For Contact Form 7\, Wpforms\, Elementor Forms | 2024-11-21 | N/A | 4.7 MEDIUM |
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in CRM Perks Integration for HubSpot and Contact Form 7, WPForms, Elementor, Ninja Forms.This issue affects Integration for HubSpot and Contact Form 7, WPForms, Elementor, Ninja Forms: from n/a through 1.2.8. | |||||
| CVE-2023-30433 | 1 Ibm | 1 Security Verify Access | 2024-11-21 | N/A | 6.5 MEDIUM |
| IBM Security Verify Access 10.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 252186. | |||||
| CVE-2023-2000 | 1 Mattermost | 1 Mattermost Desktop | 2024-11-21 | N/A | 5.4 MEDIUM |
| Mattermost Desktop App fails to validate a mattermost server redirection and navigates to an arbitrary website | |||||
| CVE-2023-29540 | 1 Mozilla | 2 Firefox, Focus | 2024-11-21 | N/A | 6.1 MEDIUM |
| Using a redirect embedded into <code>sourceMappingUrls</code> could allow for navigation to external protocol links in sandboxed iframes without <code>allow-top-navigation-to-custom-protocols</code>. This vulnerability affects Firefox for Android < 112, Firefox < 112, and Focus for Android < 112. | |||||
| CVE-2023-29307 | 1 Adobe | 2 Experience Manager, Experience Manager Cloud Service | 2024-11-21 | N/A | 5.4 MEDIUM |
| Adobe Experience Manager versions 6.5.16.0 (and earlier) is affected by a URL Redirection to Untrusted Site ('Open Redirect') vulnerability. A low-privilege authenticated attacker could leverage this vulnerability to redirect users to malicious websites. Exploitation of this issue requires user interaction. | |||||
| CVE-2023-29204 | 1 Xwiki | 1 Xwiki | 2024-11-21 | N/A | 4.7 MEDIUM |
| XWiki Commons are technical libraries common to several other top level XWiki projects. It is possible to bypass the existing security measures put in place to avoid open redirect by using a redirect such as `//mydomain.com` (i.e. omitting the `http:`). It was also possible to bypass it when using URL such as `http:/mydomain.com`. The problem has been patched on XWiki 13.10.10, 14.4.4 and 14.8RC1. | |||||
| CVE-2023-28874 | 1 Seafile | 1 Seafile | 2024-11-21 | N/A | 6.1 MEDIUM |
| The next parameter in the /accounts/login endpoint of Seafile 9.0.6 allows attackers to redirect users to arbitrary sites. | |||||