Total: 962 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-17151 | 1 Tencent | 1 Wechat | 2020-01-14 | 5.8 MEDIUM | 5.4 MEDIUM |
This vulnerability allows remote attackers to redirect users to an external resource on affected installations of Tencent WeChat prior to 7.0.9. User interaction is required to exploit this vulnerability in that the target must be within a chat session together with the attacker. The specific flaw exists within the parsing of a user's profile. The issue lies in the failure to properly validate a user's name. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-9302. | |||||
CVE-2019-6025 | 1 Sixapart | 1 Movable Type | 2020-01-10 | 5.8 MEDIUM | 6.1 MEDIUM |
Open redirect vulnerability in Movable Type series Movable Type 7 r.4602 (7.1.3) and earlier (Movable Type 7), Movable Type 6.5.0 and 6.5.1 (Movable Type 6.5), Movable Type 6.3.9 and earlier (Movable Type 6.3.x, 6.2.x, 6.1.x, 6.0.x), Movable Type Advanced 7 r.4602 (7.1.3) and earlier (Movable Type 7), Movable Type Advanced 6.5.0 and 6.5.1 (Movable Type 6.5), Movable Type Advanced 6.3.9 and earlier (Movable Type 6.3.x, 6.2.x, 6.1.x, 6.0.x), Movable Type Premium 1.24 and earlier (Movable Type Premium), and Movable Type Premium (Advanced Edition) 1.24 and earlier (Movable Type Premium) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a specially crafted URL. | |||||
CVE-2019-20225 | 1 Mybb | 1 Mybb | 2020-01-08 | 5.8 MEDIUM | 6.1 MEDIUM |
MyBB before 1.8.22 allows an open redirect on login. | |||||
CVE-2019-6020 | 1 Alfasado | 1 Powercms | 2020-01-06 | 5.8 MEDIUM | 6.1 MEDIUM |
Open redirect vulnerability in PowerCMS 5.12 and earlier (PowerCMS 5.x), 4.42 and earlier (PowerCMS 4.x), and 3.293 and earlier (PowerCMS 3.x) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a specially crafted URL. | |||||
CVE-2019-6021 | 1 Ricoh | 1 Limedio | 2020-01-06 | 5.8 MEDIUM | 6.1 MEDIUM |
Open redirect vulnerability in Library Information Management System LIMEDIO all versions allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a specially crafted URL. | |||||
CVE-2015-9540 | 1 Chamilo | 1 Chamilo Lms | 2020-01-06 | 5.8 MEDIUM | 6.1 MEDIUM |
Chamilo LMS through 1.9.10.2 allows a link_goto.php?link_url= open redirect, a related issue to CVE-2015-5503. | |||||
CVE-2019-18781 | 1 Zohocorp | 1 Manageengine Adselfservice Plus | 2020-01-06 | 5.8 MEDIUM | 6.1 MEDIUM |
An open redirect vulnerability was discovered in Zoho ManageEngine ADSelfService Plus 5.x before 5809 that allows attackers to force users who click on a crafted link to be sent to a specified external site. | |||||
CVE-2019-6035 | 1 Yahoo | 1 Athenz | 2020-01-04 | 5.8 MEDIUM | 6.1 MEDIUM |
Open redirect vulnerability in Athenz v1.8.24 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a specially crafted page. | |||||
CVE-2019-8791 | 1 Apple | 1 Shazam | 2020-01-02 | 5.8 MEDIUM | 6.1 MEDIUM |
An issue existed in the parsing of URL schemes. This issue was addressed with improved URL validation. This issue is fixed in Shazam Android App Version 9.25.0, Shazam iOS App Version 12.11.0. Processing a maliciously crafted URL may lead to an open redirect. | |||||
CVE-2016-1000107 | 1 Erlang | 1 Erlang/otp | 2019-12-19 | 5.8 MEDIUM | 6.1 MEDIUM |
inets in Erlang possibly 22.1 and earlier follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue. | |||||
CVE-2014-3652 | 1 Redhat | 1 Keycloak | 2019-12-19 | 5.8 MEDIUM | 6.1 MEDIUM |
JBoss KeyCloak: Open redirect vulnerability via failure to validate the redirect URL. | |||||
CVE-2019-19775 | 1 Zulip | 1 Zulip Server | 2019-12-18 | 5.8 MEDIUM | 6.1 MEDIUM |
The image thumbnailing handler in Zulip Server versions 1.9.0 to before 2.0.8 allowed an open redirect that was visible to logged-in users. | |||||
CVE-2019-1486 | 1 Microsoft | 2 Visual Studio 2019, Visual Studio Live Share | 2019-12-16 | 5.8 MEDIUM | 6.1 MEDIUM |
A spoofing vulnerability exists in Visual Studio Live Share when a guest connected to a Live Share session is redirected to an arbitrary URL specified by the session host, aka 'Visual Studio Live Share Spoofing Vulnerability'. | |||||
CVE-2019-19703 | 1 Jetbrains | 1 Ktor | 2019-12-13 | 5.8 MEDIUM | 6.1 MEDIUM |
In Ktor through 1.2.6, the client resends data from the HTTP Authorization header to a redirect location. | |||||
CVE-2019-15688 | 1 Kaspersky | 5 Anti-virus, Internet Security, Security Cloud and 2 more | 2019-12-12 | 5.8 MEDIUM | 6.1 MEDIUM |
In Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Free Anti-Virus, Kaspersky Small Office Security, and Kaspersky Security Cloud up to 2020, the web protection component did not adequately inform the user about the threat of redirecting to an untrusted site. Bypass. | |||||
CVE-2014-2213 | 1 Posh Project | 1 Posh | 2019-12-03 | 5.8 MEDIUM | 6.1 MEDIUM |
Open redirect vulnerability in the password reset functionality in POSH 3.0 through 3.2.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirect parameter to portal/scr_sendmd5.php. | |||||
CVE-2019-18451 | 1 Gitlab | 1 Gitlab | 2019-11-27 | 5.8 MEDIUM | 6.1 MEDIUM |
An issue was discovered in GitLab Community and Enterprise Edition 10.7.4 through 12.4 in the InternalRedirect filtering feature. It has an Open Redirect. | |||||
CVE-2018-13257 | 1 Blackboard | 1 Blackboard Learn | 2019-11-25 | 5.8 MEDIUM | 6.1 MEDIUM |
The bb-auth-provider-cas authentication module within Blackboard Learn 2018-07-02 is susceptible to HTTP host header spoofing during Central Authentication Service (CAS) service ticket validation, enabling a phishing attack from the CAS server login page. | |||||
CVE-2019-15073 | 1 Openfind | 1 Mail2000 | 2019-11-22 | 5.8 MEDIUM | 6.1 MEDIUM |
An Open Redirect vulnerability exists for all browsers in MAIL2000 through version 6.0 and 7.0, which will redirect to a malicious site without authentication. This vulnerability affects many mail systems of governments, organizations, companies and universities. | |||||
CVE-2019-18815 | 1 Popojicms | 1 Popojicms | 2019-11-08 | 5.8 MEDIUM | 6.1 MEDIUM |
PopojiCMS 2.0.1 allows refer= Open Redirection. |