Total
1137 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-45203 | 1 Projectworlds | 1 Online Examination System | 2024-11-21 | N/A | 6.1 MEDIUM |
| Online Examination System v1.0 is vulnerable to multiple Open Redirect vulnerabilities. The 'q' parameter of the login.php resource allows an attacker to redirect a victim user to an arbitrary web site using a crafted URL. | |||||
| CVE-2023-45202 | 1 Projectworlds | 1 Online Examination System | 2024-11-21 | N/A | 6.1 MEDIUM |
| Online Examination System v1.0 is vulnerable to multiple Open Redirect vulnerabilities. The 'q' parameter of the feed.php resource allows an attacker to redirect a victim user to an arbitrary web site using a crafted URL. | |||||
| CVE-2023-45201 | 1 Projectworlds | 1 Online Examination System | 2024-11-21 | N/A | 6.1 MEDIUM |
| Online Examination System v1.0 is vulnerable to multiple Open Redirect vulnerabilities. The 'q' parameter of the admin.php resource allows an attacker to redirect a victim user to an arbitrary web site using a crafted URL. | |||||
| CVE-2023-45105 | 1 Servit | 1 Affiliate-toolkit | 2024-11-21 | N/A | 4.7 MEDIUM |
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in SERVIT Software Solutions affiliate-toolkit – WordPress Affiliate Plugin.This issue affects affiliate-toolkit – WordPress Affiliate Plugin: from n/a through 3.3.9. | |||||
| CVE-2023-42502 | 1 Apache | 1 Superset | 2024-11-21 | N/A | 4.8 MEDIUM |
| An authenticated attacker with update datasets permission could change a dataset link to an untrusted site by spoofing the HTTP Host header, users could be redirected to this site when clicking on that specific dataset. This issue affects Apache Superset versions before 3.0.0. | |||||
| CVE-2023-41699 | 1 Payara | 1 Payara | 2024-11-21 | N/A | 6.1 MEDIUM |
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Payara Platform Payara Server, Micro and Embedded (Servlet Implementation modules) allows Redirect Access to Libraries.This issue affects Payara Server, Micro and Embedded: from 5.0.0 before 5.57.0, from 4.1.2.191 before 4.1.2.191.46, from 6.0.0 before 6.8.0, from 6.2023.1 before 6.2023.11. | |||||
| CVE-2023-41648 | 1 Swapnilpatil | 1 Login And Logout Redirect | 2024-11-21 | N/A | 4.7 MEDIUM |
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Swapnil V. Patil Login and Logout Redirect.This issue affects Login and Logout Redirect: from n/a through 2.0.3. | |||||
| CVE-2023-41609 | 1 Couchcms | 1 Couchcms | 2024-11-21 | N/A | 6.1 MEDIUM |
| An open redirect vulnerability in the sanitize_url() parameter of CouchCMS v2.3 allows attackers to redirect a victim user to an arbitrary web site via a crafted URL. | |||||
| CVE-2023-41080 | 2 Apache, Debian | 2 Tomcat, Debian Linux | 2024-11-21 | N/A | 6.1 MEDIUM |
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in FORM authentication feature Apache Tomcat.This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.0.12, from 9.0.0-M1 through 9.0.79 and from 8.5.0 through 8.5.92. The vulnerability is limited to the ROOT (default) web application. | |||||
| CVE-2023-40779 | 1 Icewarp | 1 Deep Castle G2 | 2024-11-21 | N/A | 6.1 MEDIUM |
| An issue in IceWarp Mail Server Deep Castle 2 v.13.0.1.2 allows a remote attacker to execute arbitrary code via a crafted request to the URL. | |||||
| CVE-2023-40602 | 1 Doofinder | 1 Doofinder | 2024-11-21 | N/A | 4.7 MEDIUM |
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Doofinder Doofinder WP & WooCommerce Search.This issue affects Doofinder WP & WooCommerce Search: from n/a through 1.5.49. | |||||
| CVE-2023-40306 | 1 Sap | 1 S\/4hana | 2024-11-21 | N/A | 6.1 MEDIUM |
| SAP S/4HANA Manage Catalog Items and Cross-Catalog searches Fiori apps allow an attacker to redirect users to a malicious site due to insufficient URL validation. As a result, it may have a slight impact on confidentiality and integrity. | |||||
| CVE-2023-3771 | 1 T1 Project | 1 T1 | 2024-11-21 | N/A | 6.1 MEDIUM |
| The T1 WordPress theme through 19.0 is vulnerable to unauthenticated open redirect with which any attacker and redirect users to arbitrary websites. | |||||
| CVE-2023-3684 | 1 Livelyworks | 1 Articart | 2024-11-21 | 4.0 MEDIUM | 3.5 LOW |
| A vulnerability was found in LivelyWorks Articart 2.0.1 and classified as problematic. Affected by this issue is some unknown functionality of the file /change-language/de_DE of the component Base64 Encoding Handler. The manipulation of the argument redirectTo leads to open redirect. The attack may be launched remotely. VDB-234230 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2023-3568 | 1 Fossbilling | 1 Fossbilling | 2024-11-21 | N/A | 6.3 MEDIUM |
| Open Redirect in GitHub repository alextselegidis/easyappointments prior to 1.5.0. | |||||
| CVE-2023-3515 | 1 Gitea | 1 Gitea | 2024-11-21 | N/A | 4.4 MEDIUM |
| Open Redirect in GitHub repository go-gitea/gitea prior to 1.19.4. | |||||
| CVE-2023-3139 | 1 Wp-experts | 1 Protect Wp Admin | 2024-11-21 | N/A | 6.1 MEDIUM |
| The Protect WP Admin WordPress plugin before 4.0 discloses the URL of the admin panel via a redirection of a crafted URL, bypassing the protection offered. | |||||
| CVE-2023-39968 | 1 Jupyter | 1 Jupyter Server | 2024-11-21 | N/A | 4.3 MEDIUM |
| jupyter-server is the backend for Jupyter web applications. Open Redirect Vulnerability. Maliciously crafted login links to known Jupyter Servers can cause successful login or an already logged-in session to be redirected to arbitrary sites, which should be restricted to Jupyter Server-served URLs. This issue has been addressed in commit `29036259` which is included in release 2.7.2. Users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
| CVE-2023-39371 | 1 Startrinity | 1 Softswitch | 2024-11-21 | N/A | 8.8 HIGH |
| StarTrinity Softswitch version 2023-02-16 - Open Redirect (CWE-601) | |||||
| CVE-2023-39364 | 2 Cacti, Fedoraproject | 2 Cacti, Fedora | 2024-11-21 | N/A | 3.5 LOW |
| Cacti is an open source operational monitoring and fault management framework. In Cacti 1.2.24, users with console access can be redirected to an arbitrary website after a change password performed via a specifically crafted URL. The `auth_changepassword.php` file accepts `ref` as a URL parameter and reflects it in the form used to perform the change password. It's value is used to perform a redirect via `header` PHP function. A user can be tricked in performing the change password operation, e.g., via a phishing message, and then interacting with the malicious website where the redirection has been performed, e.g., downloading malwares, providing credentials, etc. This issue has been addressed in version 1.2.25. Users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||