Total
962 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-19709 | 2 Debian, Mediawiki | 2 Debian Linux, Mediawiki | 2023-02-01 | 5.8 MEDIUM | 6.1 MEDIUM |
MediaWiki through 1.33.1 allows attackers to bypass the Title_blacklist protection mechanism by starting with an arbitrary title, establishing a non-resolvable redirect for the associated page, and using redirect=1 in the action API when editing that page. | |||||
CVE-2019-16220 | 2 Debian, Wordpress | 2 Debian Linux, Wordpress | 2023-01-31 | 5.8 MEDIUM | 6.1 MEDIUM |
In WordPress before 5.2.3, validation and sanitization of a URL in wp_validate_redirect in wp-includes/pluggable.php could lead to an open redirect. | |||||
CVE-2019-4201 | 1 Ibm | 1 Jazz For Service Management | 2023-01-30 | 5.8 MEDIUM | 6.1 MEDIUM |
IBM Jazz for Service Management 1.1.3, 1.1.3.1, and 1.1.3.2 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 159122. | |||||
CVE-2018-3743 | 1 Hekto Project | 1 Hekto | 2023-01-30 | 5.8 MEDIUM | 6.1 MEDIUM |
Open redirect in hekto <=0.2.3 when the target domain name is used as an HTML filename on the server. | |||||
CVE-2022-3145 | 1 Okta | 1 Oidc Middleware | 2023-01-30 | N/A | 4.7 MEDIUM |
An open redirect vulnerability exists in Okta OIDC Middleware prior to version 5.0.0 allowing an attacker to redirect a user to an arbitrary URL. | |||||
CVE-2020-8559 | 1 Kubernetes | 1 Kubernetes | 2023-01-27 | 6.0 MEDIUM | 6.8 MEDIUM |
The Kubernetes kube-apiserver in versions v1.6-v1.15, and versions prior to v1.16.13, v1.17.9 and v1.18.6, is vulnerable to an unvalidated redirect on proxied upgrade requests that could allow an attacker to escalate privileges from a node compromise to a full cluster compromise. | |||||
CVE-2023-22958 | 1 Syracom | 1 Secure Login | 2023-01-23 | N/A | 6.1 MEDIUM |
The Syracom Secure Login plugin before 3.1.1.0 for Jira may allow spoofing of 2FA PIN validation via the plugins/servlet/twofactor/public/pinvalidation target parameter. | |||||
CVE-2022-39183 | 1 Moodle | 1 Saml Authentication | 2023-01-20 | N/A | 6.1 MEDIUM |
Moodle Plugin - SAML Auth may allow Open Redirect through unspecified vectors. | |||||
CVE-2023-0042 | 1 Gitlab | 1 Gitlab | 2023-01-20 | N/A | 6.1 MEDIUM |
An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.4 prior to 15.5.7, 15.6 prior to 15.6.4, and 15.7 prior to 15.7.2. GitLab Pages allows redirection to arbitrary protocols. | |||||
CVE-2022-45917 | 1 Ilias | 1 Ilias | 2023-01-06 | N/A | 6.1 MEDIUM |
ILIAS before 7.16 has an Open Redirect. | |||||
CVE-2022-38208 | 1 Esri | 1 Portal For Arcgis | 2023-01-05 | N/A | 6.1 MEDIUM |
There is an unvalidated redirect vulnerability in Esri Portal for ArcGIS 11 and below that may allow a remote, unauthenticated attacker to craft a URL that could redirect a victim to an arbitrary website, simplifying phishing attacks. | |||||
CVE-2022-4720 | 1 Ikus-soft | 1 Rdiffweb | 2023-01-05 | N/A | 6.1 MEDIUM |
Open Redirect in GitHub repository ikus060/rdiffweb prior to 2.5.5. | |||||
CVE-2022-34474 | 1 Mozilla | 1 Firefox | 2023-01-04 | N/A | 6.1 MEDIUM |
Even when an iframe was sandboxed with `allow-top-navigation-by-user-activation`, if it received a redirect header to an external protocol the browser would process the redirect and prompt the user as appropriate. This vulnerability affects Firefox < 102. | |||||
CVE-2022-36316 | 1 Mozilla | 1 Firefox | 2023-01-04 | N/A | 6.1 MEDIUM |
When using the Performance API, an attacker was able to notice subtle differences between PerformanceEntries and thus learn whether the target URL had been subject to a redirect. This vulnerability affects Firefox < 103. | |||||
CVE-2022-29912 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2023-01-04 | N/A | 6.1 MEDIUM |
Requests initiated through reader mode did not properly omit cookies with a SameSite attribute. This vulnerability affects Thunderbird < 91.9, Firefox ESR < 91.9, and Firefox < 100. | |||||
CVE-2022-45413 | 2 Google, Mozilla | 2 Android, Firefox | 2022-12-30 | N/A | 6.1 MEDIUM |
Using the `S.browser_fallback_url` parameter, an attacker could redirect a user to a URL and cause SameSite=Strict cookies to be sent. *This issue only affects Firefox for Android. Other operating systems are not affected.* This vulnerability affects Firefox < 107. | |||||
CVE-2022-29910 | 2 Google, Mozilla | 2 Android, Firefox | 2022-12-30 | N/A | 6.1 MEDIUM |
When closed or sent to the background, Firefox for Android would not properly record and persist HSTS settings. *Note: This issue only affected Firefox for Android. Other operating systems are unaffected.* This vulnerability affects Firefox < 100. | |||||
CVE-2022-4644 | 1 Ikus-soft | 1 Rdiffweb | 2022-12-29 | N/A | 6.1 MEDIUM |
Open Redirect in GitHub repository ikus060/rdiffweb prior to 2.5.4. | |||||
CVE-2021-4260 | 1 Oils-js Project | 1 Oils-js | 2022-12-27 | N/A | 6.1 MEDIUM |
A vulnerability was found in oils-js. It has been declared as critical. This vulnerability affects unknown code of the file core/Web.js. The manipulation leads to open redirect. The attack can be initiated remotely. The name of the patch is fad8fbae824a7d367dacb90d56cb02c5cb999d42. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-216268. | |||||
CVE-2022-44488 | 1 Adobe | 2 Experience Manager, Experience Manager Cloud Service | 2022-12-23 | N/A | 5.4 MEDIUM |
Adobe Experience Manager version 6.5.14 (and earlier) is affected by a URL Redirection to Untrusted Site ('Open Redirect') vulnerability. A low-privilege authenticated attacker could leverage this vulnerability to redirect users to malicious websites. Exploitation of this issue requires user interaction. |