Total
962 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-38478 | 1 Crmperks | 1 Integration For Woocommerce And Quickbooks | 2023-12-22 | N/A | 6.1 MEDIUM |
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in CRM Perks Integration for WooCommerce and QuickBooks.This issue affects Integration for WooCommerce and QuickBooks: from n/a through 1.2.3. | |||||
| CVE-2023-22259 | 1 Adobe | 2 Experience Manager, Experience Manager Cloud Service | 2023-12-20 | N/A | 5.4 MEDIUM |
| Experience Manager versions 6.5.15.0 (and earlier) are affected by a URL Redirection to Untrusted Site ('Open Redirect') vulnerability. A low-privilege authenticated attacker could leverage this vulnerability to redirect users to malicious websites. Exploitation of this issue requires user interaction. | |||||
| CVE-2023-22256 | 1 Adobe | 2 Experience Manager, Experience Manager Cloud Service | 2023-12-20 | N/A | 5.4 MEDIUM |
| Experience Manager versions 6.5.15.0 (and earlier) are affected by a URL Redirection to Untrusted Site ('Open Redirect') vulnerability. A low-privilege authenticated attacker could leverage this vulnerability to redirect users to malicious websites. Exploitation of this issue requires user interaction. | |||||
| CVE-2023-22265 | 1 Adobe | 2 Experience Manager, Experience Manager Cloud Service | 2023-12-20 | N/A | 5.4 MEDIUM |
| Experience Manager versions 6.5.15.0 (and earlier) are affected by a URL Redirection to Untrusted Site ('Open Redirect') vulnerability. A low-privilege authenticated attacker could leverage this vulnerability to redirect users to malicious websites. Exploitation of this issue requires user interaction. | |||||
| CVE-2020-17484 | 1 Uffizio | 1 Gps Tracker | 2023-12-20 | N/A | 6.1 MEDIUM |
| An Open Redirection vulnerability exists in Uffizio's GPS Tracker all versions allows an attacker to construct a URL within the application that causes a redirection to an arbitrary external domain. | |||||
| CVE-2023-46750 | 1 Apache | 1 Shiro | 2023-12-18 | N/A | 6.1 MEDIUM |
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability when "form" authentication is used in Apache Shiro. Mitigation: Update to Apache Shiro 1.13.0+ or 2.0.0-alpha-4+. | |||||
| CVE-2023-50771 | 1 Jenkins | 1 Openid | 2023-12-18 | N/A | 6.1 MEDIUM |
| Jenkins OpenId Connect Authentication Plugin 2.6 and earlier improperly determines that a redirect URL after login is legitimately pointing to Jenkins, allowing attackers to perform phishing attacks. | |||||
| CVE-2021-38343 | 1 Kylephillips | 1 Nested Pages | 2023-12-18 | 5.8 MEDIUM | 6.1 MEDIUM |
| The Nested Pages WordPress plugin <= 3.1.15 was vulnerable to an Open Redirect via the `page` POST parameter in the `npBulkActions`, `npBulkEdit`, `npListingSort`, and `npCategoryFilter` `admin_post` actions. | |||||
| CVE-2023-6380 | 1 Alkacon | 1 Opencms | 2023-12-15 | N/A | 6.1 MEDIUM |
| Open redirect vulnerability has been found in the Open CMS product affecting versions 14 and 15 of the 'Mercury' template. An attacker could create a specially crafted URL and send it to a specific user to redirect them to a malicious site and compromise them. Exploitation of this vulnerability is possible due to the fact that there is no proper sanitization of the 'URI' parameter. | |||||
| CVE-2023-47548 | 1 Softlabbd | 1 Integrate Google Drive | 2023-12-13 | N/A | 6.1 MEDIUM |
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in SoftLab Integrate Google Drive – Browse, Upload, Download, Embed, Play, Share, Gallery, and Manage Your Google Drive Files Into Your WordPress Site.This issue affects Integrate Google Drive – Browse, Upload, Download, Embed, Play, Share, Gallery, and Manage Your Google Drive Files Into Your WordPress Site: from n/a through 1.3.2. | |||||
| CVE-2023-28874 | 1 Seafile | 1 Seafile | 2023-12-12 | N/A | 6.1 MEDIUM |
| The next parameter in the /accounts/login endpoint of Seafile 9.0.6 allows attackers to redirect users to arbitrary sites. | |||||
| CVE-2023-48928 | 1 Franklin-electric | 1 System Sentinel Anyware | 2023-12-12 | N/A | 6.1 MEDIUM |
| Franklin Fueling Systems System Sentinel AnyWare (SSA) version 1.6.24.492 is vulnerable to Open Redirect. The 'path' parameter of the prefs.asp resource allows an attacker to redirect a victim user to an arbitrary web site using a crafted URL. | |||||
| CVE-2023-47779 | 1 Crmperks | 1 Integration For Constant Contact And Contact Form 7\, Wpforms\, Elementor\, Ninja | 2023-12-12 | N/A | 6.1 MEDIUM |
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in CRM Perks. Integration for Constant Contact and Contact Form 7, WPForms, Elementor, Ninja Forms.This issue affects Integration for Constant Contact and Contact Form 7, WPForms, Elementor, Ninja Forms: from n/a through 1.1.4. | |||||
| CVE-2023-48325 | 1 Pluginops | 1 Landing Page Builder | 2023-12-12 | N/A | 6.1 MEDIUM |
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in PluginOps Landing Page Builder – Lead Page – Optin Page – Squeeze Page – WordPress Landing Pages.This issue affects Landing Page Builder – Lead Page – Optin Page – Squeeze Page – WordPress Landing Pages: from n/a through 1.5.1.5. | |||||
| CVE-2023-45762 | 1 Michaeluno | 1 Responsive Column Widgets | 2023-12-12 | N/A | 6.1 MEDIUM |
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Michael Uno (miunosoft) Responsive Column Widgets.This issue affects Responsive Column Widgets: from n/a through 1.2.7. | |||||
| CVE-2023-46688 | 1 Pleasanter | 1 Pleasanter | 2023-12-11 | N/A | 6.1 MEDIUM |
| Open redirect vulnerability in Pleasanter 1.3.47.0 and earlier allows a remote unauthenticated attacker to redirect users to arbitrary web sites via a specially crafted URL. | |||||
| CVE-2023-49240 | 1 Huawei | 2 Emui, Harmonyos | 2023-12-11 | N/A | 7.5 HIGH |
| Unauthorized access vulnerability in the launcher module. Successful exploitation of this vulnerability may affect service confidentiality. | |||||
| CVE-2018-11784 | 6 Apache, Canonical, Debian and 3 more | 15 Tomcat, Ubuntu Linux, Debian Linux and 12 more | 2023-12-08 | 4.3 MEDIUM | 4.3 MEDIUM |
| When the default servlet in Apache Tomcat versions 9.0.0.M1 to 9.0.11, 8.5.0 to 8.5.33 and 7.0.23 to 7.0.90 returned a redirect to a directory (e.g. redirecting to '/foo/' when the user requested '/foo') a specially crafted URL could be used to cause the redirect to be generated to any URI of the attackers choice. | |||||
| CVE-2023-48815 | 1 Keking | 1 Kkfileview | 2023-12-07 | N/A | 6.1 MEDIUM |
| kkFileView v4.3.0 is vulnerable to Incorrect Access Control. | |||||
| CVE-2023-49281 | 1 Cainor | 1 Calendarinho | 2023-12-06 | N/A | 6.1 MEDIUM |
| Calendarinho is an open source calendaring application to manage large teams of consultants. An Open Redirect issue occurs when a web application redirects users to external URLs without proper validation. This can lead to phishing attacks, where users are tricked into visiting malicious sites, potentially leading to information theft and reputational damage to the website used for redirection. The problem is has been patched in commit `15b2393`. Users are advised to update to a commit after `15b2393`. There are no known workarounds for this vulnerability. | |||||