Total: 962 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description
---|---|---|---|---|---|---
CVE-2021-25111 | 1 English Wordpress Admin Project | 1 English Wordpress Admin | 2022-05-03 | 5.8 MEDIUM | 6.1 MEDIUM | The English WordPress Admin WordPress plugin before 1.5.2 does not validate the admin_custom_language_return_url before redirecting users to it, leading to an open redirect issue.
CVE-2020-14118 | 1 Mi | 1 Mi App Store | 2022-05-03 | 5.8 MEDIUM | 6.1 MEDIUM | An intent redirection vulnerability in the Mi App Store product. The Mi App Store does not verify the validity of incoming data, which can cause the app store to automatically download and install apps.
CVE-2022-24858 | 1 Nextauth.js | 1 Next-auth | 2022-04-29 | 5.8 MEDIUM | 6.1 MEDIUM | next-auth v3 users before version 3.29.2 are impacted. next-auth version 4 users before version 4.3.2 are also impacted. Upgrading to 3.29.2 or 4.3.2 will patch this vulnerability. If you are not able to upgrade for any reason, you can add a configuration to your callbacks option. If you already have a `redirect` callback, make sure that you match the incoming `url` origin against the `baseUrl`.
CVE-2022-1019 | 1 Automatedlogic | 1 Webctrl Server | 2022-04-27 | 5.8 MEDIUM | 6.1 MEDIUM | Automated Logic's WebCtrl Server Version 6.1 'Help' index pages are vulnerable to open redirection. The vulnerability allows an attacker to send a maliciously crafted URL which could result in redirecting the user to a malicious webpage or downloading a malicious file.
CVE-2022-0645 | 1 Posthog | 1 Posthog | 2022-04-27 | 5.8 MEDIUM | 6.1 MEDIUM | Open redirect vulnerability via endpoint authorize_and_redirect/?redirect= in GitHub repository posthog/posthog prior to 1.34.1.
CVE-2020-25154 | 1 Bbraun | 2 Datamodule Compactplus, Spacecom | 2022-04-21 | 5.8 MEDIUM | 6.1 MEDIUM | An open redirect vulnerability in the administrative interface of the B. Braun Melsungen AG SpaceCom device Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11, allows attackers to redirect users to malicious websites.
CVE-2022-27256 | 1 Hubzilla | 1 Hubzilla | 2022-04-20 | 5.8 MEDIUM | 6.1 MEDIUM | A PHP local file inclusion vulnerability in the Redbasic theme for Hubzilla before version 7.2 allows remote attackers to include arbitrary PHP files via the schema parameter.
CVE-2022-27110 | 1 Orangehrm | 1 Orangehrm | 2022-04-13 | 4.9 MEDIUM | 5.4 MEDIUM | OrangeHRM 4.10 is vulnerable to a Host header injection redirect via the viewPersonalDetails endpoint.
CVE-2022-27109 | 1 Orangehrm | 1 Orangehrm | 2022-04-13 | 4.9 MEDIUM | 5.4 MEDIUM | OrangeHRM 4.10 suffers from a Referer header injection redirect vulnerability.
CVE-2022-27463 | 1 Wwbn | 1 Avideo | 2022-04-12 | 5.8 MEDIUM | 6.1 MEDIUM | Open redirect vulnerability in objects/login.json.php in WWBN AVideo through 11.6 allows attackers to arbitrarily redirect users from a crafted URL to the login page.
CVE-2022-24794 | 1 Auth0 | 1 Express Openid Connect | 2022-04-08 | 5.8 MEDIUM | 6.1 MEDIUM | Express OpenID Connect is an Express JS middleware implementing sign on for Express web apps using OpenID Connect. Users of the `requiresAuth` middleware, either directly or through the default `authRequired` option, are vulnerable to an Open Redirect when the middleware is applied to a catch all route. If all routes under `example.com` are protected with the `requiresAuth` middleware, a visit to `http://example.com//google.com` will be redirected to `google.com` after login because the original url reported by the Express framework is not properly sanitized. This vulnerability affects versions prior to 2.7.2. Users are advised to upgrade. There are no known workarounds.
CVE-2016-4075 | 1 Opera | 2 Opera Browser, Opera Mini | 2022-04-06 | 5.8 MEDIUM | 6.1 MEDIUM | Opera Mini 13 and Opera Stable 36 allow remote attackers to spoof the displayed URL via a crafted HTML document, related to the about:blank URL.
CVE-2022-26950 | 1 Rsa | 1 Archer | 2022-04-05 | 5.8 MEDIUM | 6.1 MEDIUM | Archer 6.x through 6.9 P2 (6.9.0.2) is affected by an open redirect vulnerability. A remote unprivileged attacker may potentially redirect legitimate users to arbitrary web sites and conduct phishing attacks. The attacker could then steal the victims' credentials and silently authenticate them to the Archer application without the victims realizing an attack occurred.
CVE-2022-24776 | 1 Flask-appbuilder Project | 1 Flask-appbuilder | 2022-04-05 | 5.8 MEDIUM | 6.1 MEDIUM | Flask-AppBuilder is an application development framework, built on top of the Flask web framework. Flask-AppBuilder contains an open redirect vulnerability when using the database authentication login page on versions below 3.4.5. This issue is fixed in version 3.4.5. There are currently no known workarounds.
CVE-2022-23798 | 1 Joomla | 1 Joomla! | 2022-04-05 | 5.8 MEDIUM | 6.1 MEDIUM | An issue was discovered in Joomla! 2.5.0 through 3.10.6 and 4.0.0 through 4.1.0. Inadequate validation of URLs could result in an invalid check of whether a redirect URL is internal or not.
CVE-2021-39112 | 1 Atlassian | 4 Data Center, Jira, Jira Data Center and 1 more | 2022-03-30 | 4.9 MEDIUM | 4.8 MEDIUM | Affected versions of Atlassian Jira Server and Data Center allow remote attackers to redirect users to a malicious URL via a reverse tabnabbing vulnerability in the Project Shortcuts feature. The affected versions are before version 8.5.15, from version 8.6.0 before 8.13.7, from version 8.14.0 before 8.17.1, and from version 8.18.0 before 8.18.1.
CVE-2022-1058 | 1 Gitea | 1 Gitea | 2022-03-29 | 5.8 MEDIUM | 6.1 MEDIUM | Open redirect on login in GitHub repository go-gitea/gitea prior to 1.16.5.
CVE-2022-27090 | 1 Chshcms | 1 Cscms | 2022-03-29 | 4.9 MEDIUM | 5.4 MEDIUM | Cscms Music Portal System v4.2 was discovered to contain a redirection vulnerability via the backurl parameter.
CVE-2019-20901 | 1 Atlassian | 2 Jira, Jira Server | 2022-03-25 | 5.8 MEDIUM | 6.1 MEDIUM | The login.jsp resource in Jira before version 8.5.2, and from version 8.6.0 before version 8.6.1, allows remote attackers to redirect users to a different website, which they may use as part of a phishing attack, via an open redirect in the os_destination parameter.
CVE-2018-13402 | 1 Atlassian | 2 Jira, Jira Server | 2022-03-25 | 5.8 MEDIUM | 6.1 MEDIUM | Many resources in Atlassian Jira before version 7.6.9, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3, from version 7.10.0 before version 7.10.3, from version 7.11.0 before version 7.11.3, from version 7.12.0 before version 7.12.3, and before version 7.13.1 allow remote attackers to attack users, and in some cases obtain a user's Cross-site request forgery (CSRF) token, via an open redirect vulnerability.