Total
1137 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-0781 | 1 Martmbithi | 1 Internet Banking System | 2024-11-21 | 4.0 MEDIUM | 3.5 LOW |
| A vulnerability, which was classified as problematic, was found in CodeAstro Internet Banking System 1.0. This affects an unknown part of the file pages_client_signup.php. The manipulation of the argument Client Full Name with the input <meta http-equiv="refresh" content="0; url=https://vuldb.com" /> leads to open redirect. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-251697 was assigned to this vulnerability. | |||||
| CVE-2024-0319 | 1 Fireeye | 1 Hxtool | 2024-11-21 | N/A | 5.4 MEDIUM |
| Open Redirect vulnerability in FireEye HXTool affecting version 4.6, the exploitation of which could allow an attacker to redirect a legitimate user to a malicious page by changing the 'redirect_uri' parameter. | |||||
| CVE-2023-6927 | 1 Redhat | 2 Keycloak, Single Sign-on | 2024-11-21 | N/A | 4.6 MEDIUM |
| A flaw was found in Keycloak. This issue may allow an attacker to steal authorization codes or tokens from clients using a wildcard in the JARM response mode "form_post.jwt" which could be used to bypass the security patch implemented to address CVE-2023-6134. | |||||
| CVE-2023-6545 | 1 Beckhoff | 2 Authelia-bhf, Twincat\/bsd | 2024-11-21 | N/A | 4.7 MEDIUM |
| The package authelia-bhf included in Beckhoffs TwinCAT/BSD is prone to an open redirect that allows a remote unprivileged attacker to redirect a user to another site. This may have limited impact to integrity and does solely affect anthelia-bhf the Beckhoff fork of authelia. | |||||
| CVE-2023-6389 | 1 Abhinavsingh | 1 Wordpress Toolbar | 2024-11-21 | N/A | 6.1 MEDIUM |
| The WordPress Toolbar WordPress plugin through 2.2.6 redirects to any URL via the "wptbto" parameter. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action. | |||||
| CVE-2023-6380 | 1 Alkacon | 1 Opencms | 2024-11-21 | N/A | 6.1 MEDIUM |
| Open redirect vulnerability has been found in the Open CMS product affecting versions 14 and 15 of the 'Mercury' template. An attacker could create a specially crafted URL and send it to a specific user to redirect them to a malicious site and compromise them. Exploitation of this vulnerability is possible due to the fact that there is no proper sanitization of the 'URI' parameter. | |||||
| CVE-2023-6291 | 1 Redhat | 8 Enterprise Linux, Keycloak, Migration Toolkit For Applications and 5 more | 2024-11-21 | N/A | 7.1 HIGH |
| A flaw was found in the redirect_uri validation logic in Keycloak. This issue may allow a bypass of otherwise explicitly allowed hosts. A successful attack may lead to an access token being stolen, making it possible for the attacker to impersonate other users. | |||||
| CVE-2023-5986 | 1 Schneider-electric | 1 Ecostruxure Power Monitoring Expert | 2024-11-21 | N/A | 8.2 HIGH |
| A CWE-601 URL Redirection to Untrusted Site vulnerability exists that could cause an openredirect vulnerability leading to a cross site scripting attack. By providing a URL-encoded input attackers can cause the software’s web application to redirect to the chosen domain after a successful login is performed. | |||||
| CVE-2023-5629 | 1 Schneider-electric | 32 Eb450, Eb450 Firmware, Eb45e and 29 more | 2024-11-21 | N/A | 8.2 HIGH |
| A CWE-601:URL Redirection to Untrusted Site (‘Open Redirect’) vulnerability exists that could cause disclosure of information through phishing attempts over HTTP. | |||||
| CVE-2023-5610 | 1 S-sols | 1 Seraphinite Accelerator | 2024-11-21 | N/A | 5.4 MEDIUM |
| The Seraphinite Accelerator WordPress plugin before 2.2.29 does not validate the URL to redirect any authenticated user to, leading to an arbitrary redirect | |||||
| CVE-2023-5445 | 1 Mcafee | 1 Epolicy Orchestrator | 2024-11-21 | N/A | 5.4 MEDIUM |
| An open redirect vulnerability in ePolicy Orchestrator prior to 5.10.0 CP1 Update 2, allows a remote low privileged user to modify the URL parameter for the purpose of redirecting URL request(s) to a malicious site. This impacts the dashboard area of the user interface. A user would need to be logged into ePO to trigger this vulnerability. To exploit this the attacker must change the HTTP payload post submission, prior to it reaching the ePO server. | |||||
| CVE-2023-5375 | 1 Mosparo | 1 Mosparo | 2024-11-21 | N/A | 6.1 MEDIUM |
| Open Redirect in GitHub repository mosparo/mosparo prior to 1.0.2. | |||||
| CVE-2023-52263 | 1 Brave | 1 Browser | 2024-11-21 | N/A | 6.1 MEDIUM |
| Brave Browser before 1.59.40 does not properly restrict the schema for WebUI factory and redirect. This is related to browser/brave_content_browser_client.cc and browser/ui/webui/brave_web_ui_controller_factory.cc. | |||||
| CVE-2023-51675 | 1 Vasyltech | 1 Advanced Access Manager | 2024-11-21 | N/A | 4.7 MEDIUM |
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in AAM Advanced Access Manager – Restricted Content, Users & Roles, Enhanced Security and More.This issue affects Advanced Access Manager – Restricted Content, Users & Roles, Enhanced Security and More: from n/a through 6.9.18. | |||||
| CVE-2023-51517 | 1 Codepeople | 1 Calculated Fields Form | 2024-11-21 | N/A | 4.1 MEDIUM |
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in CodePeople Calculated Fields Form.This issue affects Calculated Fields Form: from n/a through 1.2.28. | |||||
| CVE-2023-50963 | 1 Ibm | 1 Storage Defender Data Protect | 2024-11-21 | N/A | 6.5 MEDIUM |
| IBM Storage Defender - Data Protect 1.0.0 through 1.4.1 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 276101. | |||||
| CVE-2023-50771 | 1 Jenkins | 1 Openid | 2024-11-21 | N/A | 6.1 MEDIUM |
| Jenkins OpenId Connect Authentication Plugin 2.6 and earlier improperly determines that a redirect URL after login is legitimately pointing to Jenkins, allowing attackers to perform phishing attacks. | |||||
| CVE-2023-50704 | 1 Efacec | 2 Uc 500e, Uc 500e Firmware | 2024-11-21 | N/A | 4.3 MEDIUM |
| An attacker could construct a URL within the application that causes a redirection to an arbitrary external domain and could be leveraged to facilitate phishing attacks against application users. | |||||
| CVE-2023-50345 | 1 Hcltech | 1 Dryice Myxalytics | 2024-11-21 | N/A | 3.7 LOW |
| HCL DRYiCE MyXalytics is impacted by an Open Redirect vulnerability which could allow an attacker to redirect users to malicious sites, potentially leading to phishing attacks or other security threats. | |||||
| CVE-2023-50297 | 1 Alfasado | 1 Powercms | 2024-11-21 | N/A | 6.1 MEDIUM |
| Open redirect vulnerability in PowerCMS (6 Series, 5 Series, and 4 Series) allows a remote unauthenticated attacker to redirect users to arbitrary web sites via a specially crafted URL. Note that all versions of PowerCMS 3 Series and earlier which are unsupported (End-of-Life, EOL) are also affected by this vulnerability. | |||||