Vulnerabilities (CVE)

Filtered by CWE-601
Total 962 CVE
CVE | Vendors (count, names) | Products (count, names) | Updated | CVSS v2 | CVSS v3 (each entry's description follows on the next line)
CVE-2022-25803 1 Bestpractical 1 Request Tracker 2022-07-20 N/A 6.1 MEDIUM
Best Practical Request Tracker (RT) before 5.0.3 has an Open Redirect via a ticket search.
CVE-2022-2250 1 Gitlab 1 Gitlab 2022-07-13 5.8 MEDIUM 6.1 MEDIUM
An open redirect vulnerability in GitLab EE/CE affecting all versions from 11.1 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1, allows an attacker to redirect users to an arbitrary location if they trust the URL.
CVE-2022-30562 1 Dahuasecurity 80 Asi7213x, Asi7213x-t1, Asi7213x-t1 Firmware and 77 more 2022-07-13 4.0 MEDIUM 4.7 MEDIUM
If the user enables the HTTPS function on the device, an attacker can modify the user's request data packet through a man-in-the-middle attack. Injection of a malicious URL in the Host header of the HTTP request results in a 302 redirect to an attacker-controlled page.
CVE-2021-46366 1 Magnolia-cms 1 Magnolia Cms 2022-07-12 6.8 MEDIUM 8.8 HIGH
An issue in the Login page of Magnolia CMS v6.2.3 and below allows attackers to exploit both an Open Redirect vulnerability and Cross-Site Request Forgery (CSRF) in order to brute force and exfiltrate users' credentials.
CVE-2020-26877 1 Apifest 1 Oauth 2.0 Server 2022-07-08 5.8 MEDIUM 6.1 MEDIUM
ApiFest OAuth 2.0 Server 0.3.1 does not validate the redirect URI in accordance with RFC 6749 and is susceptible to an open redirector attack. Specifically, it directly sends an authorization code to the redirect URI submitted with the authorization request, without checking whether the redirect URI is registered by the client who initiated the request. This allows an attacker to craft a request with a manipulated redirect URI (redirect_uri parameter), which is under the attacker's control, and consequently obtain the leaked authorization code when the server redirects the client to the manipulated redirect URI with an authorization code. NOTE: this is similar to CVE-2019-3778.
CVE-2022-29272 1 Nagios 1 Nagios Xi 2022-07-08 5.8 MEDIUM 6.1 MEDIUM
In Nagios XI through 5.8.5, an open redirect vulnerability exists in the login function that could lead to spoofing.
CVE-2022-2252 1 Microweber 1 Microweber 2022-07-07 5.8 MEDIUM 6.1 MEDIUM
Open Redirect in GitHub repository microweber/microweber prior to 1.2.19.
CVE-2022-33146 1 Web2py 1 Web2py 2022-07-07 5.8 MEDIUM 6.1 MEDIUM
Open redirect vulnerability in web2py versions prior to 2.22.5 allows a remote attacker to redirect a user to an arbitrary web site and conduct a phishing attack by having a user access a specially crafted URL.
CVE-2022-32444 1 Yuba 1 U5cms 2022-06-28 5.8 MEDIUM 6.1 MEDIUM
An issue was discovered in u5cms version 8.3.5. There is a URL redirection vulnerability that can cause a user's browser to be redirected to another site via /loginsave.php.
CVE-2022-31040 1 Maykinmedia 1 Open Forms 2022-06-21 5.8 MEDIUM 6.1 MEDIUM
Open Forms is an application for creating and publishing smart forms. Prior to versions 1.0.9 and 1.1.1, the cookie consent page in Open Forms contains an open redirect by injecting a `referer` querystring parameter and failing to validate the value. A malicious actor is able to redirect users to a website under their control, opening them up for phishing attacks. The redirect is initiated by the Open Forms backend, which is a legitimate page, making it less obvious to end users that they are being redirected to a malicious website. Versions 1.0.9 and 1.1.1 contain patches for this issue. There are no known workarounds available.
CVE-2022-24969 1 Apache 1 Dubbo 2022-06-15 5.8 MEDIUM 6.1 MEDIUM
Bypass of CVE-2021-25640: In Apache Dubbo prior to 2.6.12 and 2.7.15, the usage of the parseURL method leads to a bypass of the whitelisted-host check, which can cause an open redirect or SSRF vulnerability.
CVE-2022-23237 1 Netapp 1 E-series Santricity Os Controller 2022-06-11 5.8 MEDIUM 6.1 MEDIUM
E-Series SANtricity OS Controller Software 11.x versions through 11.70.2 are vulnerable to host header injection attacks that could allow an attacker to redirect users to malicious websites.
CVE-2022-29214 1 Nextauth.js 1 Next-auth 2022-06-07 5.8 MEDIUM 6.1 MEDIUM
NextAuth.js (next-auth) is an open source authentication solution for Next.js applications. Prior to versions 3.29.3 and 4.3.3, an open redirect vulnerability is present when the developer is implementing an OAuth 1 provider. Versions 3.29.3 and 4.3.3 contain a patch for this issue. The maintainers recommend adding a certain configuration to one's `callbacks` option as a workaround for those unable to upgrade.
CVE-2020-26161 1 Octopus 1 Octopus Deploy 2022-06-03 5.8 MEDIUM 6.1 MEDIUM
In Octopus Deploy through 2020.4.2, an attacker could redirect users to an external site via a modified HTTP Host header.
CVE-2022-30992 3 Acronis, Linux, Microsoft 3 Cyber Protect, Linux Kernel, Windows 2022-06-01 5.8 MEDIUM 6.1 MEDIUM
Open redirect via a user-controlled query parameter. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 29240.
CVE-2021-3189 1 Google 1 Slashify 2022-05-23 5.8 MEDIUM 6.1 MEDIUM
The slashify package 1.0.0 for Node.js allows open-redirect attacks, as demonstrated by a localhost:3000///example.com/ substring.
CVE-2022-22797 1 Sysaid 1 Sysaid 2022-05-23 5.8 MEDIUM 6.1 MEDIUM
SysAid Open Redirect: an attacker can change the redirect link in the "redirectURL" parameter of a GET request to the URL location /CommunitySSORedirect.jsp?redirectURL=https://google.com. Unvalidated redirects and forwards are possible when a web application accepts untrusted input that could cause the web application to redirect the request to a URL contained within the untrusted input. By modifying untrusted URL input to point to a malicious site, an attacker may successfully launch a phishing scam and steal user credentials.
CVE-2021-31879 3 Broadcom, Gnu, Netapp 8 Brocade Fabric Operating System Firmware, Wget, 500f and 5 more 2022-05-13 5.8 MEDIUM 6.1 MEDIUM
GNU Wget through 1.21.1 does not omit the Authorization header upon a redirect to a different origin, a related issue to CVE-2018-1000007.
CVE-2022-27461 1 Nopcommerce 1 Nopcommerce 2022-05-12 5.8 MEDIUM 6.1 MEDIUM
In nopCommerce 4.50.1, an open redirect vulnerability can be triggered by luring a user to authenticate to a nopCommerce page by clicking on a crafted link.
CVE-2022-24887 1 Nextcloud 1 Talk 2022-05-09 5.8 MEDIUM 6.1 MEDIUM
Nextcloud Talk is a video and audio conferencing app for Nextcloud, a self-hosted productivity platform. Prior to versions 11.3.4, 12.2.2, and 13.0.0, when sharing a Deck card in conversation, the metaData can be manipulated so users can be tricked into opening arbitrary URLs. This issue is fixed in versions 11.3.4, 12.2.2, and 13.0.0. There are currently no known workarounds.