Total
1137 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-4209 | 1 Hcltech | 1 Connections | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
| HCL Connections v5.5, v6.0, and v6.5 contains an open redirect vulnerability which could be exploited by an attacker to conduct phishing attacks. | |||||
| CVE-2019-4201 | 1 Ibm | 1 Jazz For Service Management | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
| IBM Jazz for Service Management 1.1.3, 1.1.3.1, and 1.1.3.2 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 159122. | |||||
| CVE-2019-4166 | 1 Ibm | 1 Storediq | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
| IBM StoredIQ 7.6 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 158699. | |||||
| CVE-2019-4153 | 1 Ibm | 1 Security Access Manager | 2024-11-21 | 3.5 LOW | 6.8 MEDIUM |
| IBM Security Access Manager 9.0.1 through 9.0.6 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 158517. | |||||
| CVE-2019-4092 | 1 Ibm | 1 Content Navigator | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
| IBM Content Navigator 2.0.3 and 3.0CD could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 157654. | |||||
| CVE-2019-4035 | 1 Ibm | 1 Content Navigator | 2024-11-21 | 4.9 MEDIUM | 5.4 MEDIUM |
| IBM Content Navigator 3.0CD could allow attackers to direct web traffic to a malicious site. If attackers make a fake IBM Content Navigator site, they can send a link to ICN users to send request to their Edit client directly. Then Edit client will download documents from the fake ICN website. IBM X-Force ID: 156001. | |||||
| CVE-2019-3912 | 1 Labkey | 1 Labkey Server | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
| An open redirect vulnerability in LabKey Server Community Edition before 18.3.0-61806.763 via the /__r1/ returnURL parameter allows an unauthenticated remote attacker to redirect users to arbitrary web sites. | |||||
| CVE-2019-3877 | 4 Canonical, Fedoraproject, Mod Auth Mellon Project and 1 more | 4 Ubuntu Linux, Fedora, Mod Auth Mellon and 1 more | 2024-11-21 | 4.3 MEDIUM | 5.8 MEDIUM |
| A vulnerability was found in mod_auth_mellon before v0.14.2. An open redirect in the logout URL allows requests with backslashes to pass through by assuming that it is a relative URL, while the browsers silently convert backslash characters into forward slashes treating them as an absolute URL. This mismatch allows an attacker to bypass the redirect URL validation logic in apr_uri_parse function. | |||||
| CVE-2019-3850 | 1 Moodle | 1 Moodle | 2024-11-21 | 5.8 MEDIUM | 4.3 MEDIUM |
| A vulnerability was found in moodle before versions 3.6.3, 3.5.5, 3.4.8 and 3.1.17. Links within assignment submission comments would open directly (in the same window). Although links themselves may be valid, opening within the same window and without the no-referrer header policy made them more susceptible to exploits. | |||||
| CVE-2019-3788 | 1 Cloudfoundry | 1 Uaa Release | 2024-11-21 | 5.8 MEDIUM | 8.7 HIGH |
| Cloud Foundry UAA Release, versions prior to 71.0, allows clients to be configured with an insecure redirect uri. Given a UAA client was configured with a wildcard in the redirect uri's subdomain, a remote malicious unauthenticated user can craft a phishing link to get a UAA access code from the victim. | |||||
| CVE-2019-3778 | 2 Oracle, Pivotal Software | 2 Banking Corporate Lending, Spring Security Oauth | 2024-11-21 | 6.4 MEDIUM | 6.5 MEDIUM |
| Spring Security OAuth, versions 2.3 prior to 2.3.5, and 2.2 prior to 2.2.4, and 2.1 prior to 2.1.4, and 2.0 prior to 2.0.17, and older unsupported versions could be susceptible to an open redirector attack that can leak an authorization code. A malicious user or attacker can craft a request to the authorization endpoint using the authorization code grant type, and specify a manipulated redirection URI via the "redirect_uri" parameter. This can cause the authorization server to redirect the resource owner user-agent to a URI under the control of the attacker with the leaked authorization code. This vulnerability exposes applications that meet all of the following requirements: Act in the role of an Authorization Server (e.g. @EnableAuthorizationServer) and uses the DefaultRedirectResolver in the AuthorizationEndpoint. This vulnerability does not expose applications that: Act in the role of an Authorization Server and uses a different RedirectResolver implementation other than DefaultRedirectResolver, act in the role of a Resource Server only (e.g. @EnableResourceServer), act in the role of a Client only (e.g. @EnableOAuthClient). | |||||
| CVE-2019-3477 | 1 Microfocus | 1 Solutions Business Manager | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
| Micro Focus Solution Business Manager versions prior to 11.4.2 is susceptible to open redirect. | |||||
| CVE-2019-25155 | 1 Cure53 | 1 Dompurify | 2024-11-21 | N/A | 6.1 MEDIUM |
| DOMPurify before 1.0.11 allows reverse tabnabbing in demos/hooks-target-blank-demo.html because links lack a 'rel="noopener noreferrer"' attribute. | |||||
| CVE-2019-20901 | 1 Atlassian | 2 Jira, Jira Server | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
| The login.jsp resource in Jira before version 8.5.2, and from version 8.6.0 before version 8.6.1 allows remote attackers to redirect users to a different website which they may use as part of performing a phishing attack via an open redirect in the os_destination parameter. | |||||
| CVE-2019-20479 | 4 Debian, Fedoraproject, Openidc and 1 more | 4 Debian Linux, Fedora, Mod Auth Openidc and 1 more | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
| A flaw was found in mod_auth_openidc before version 2.4.1. An open redirect issue exists in URLs with a slash and backslash at the beginning. | |||||
| CVE-2019-20225 | 1 Mybb | 1 Mybb | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
| MyBB before 1.8.22 allows an open redirect on login. | |||||
| CVE-2019-1954 | 1 Cisco | 1 Webex Meetings Server | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
| A vulnerability in the web-based management interface of Cisco Webex Meetings Server Software could allow an unauthenticated, remote attacker to redirect a user to an undesired web page. The vulnerability is due to improper input validation of the URL parameters in an HTTP request that is sent to an affected device. An attacker could exploit this vulnerability by crafting an HTTP request that could cause the web application to redirect the request to a specified malicious URL. A successful exploit could allow the attacker to redirect a user to a malicious website. | |||||
| CVE-2019-1943 | 1 Cisco | 114 Sf200-24, Sf200-24 Firmware, Sf200-24fp and 111 more | 2024-11-21 | 5.8 MEDIUM | 4.7 MEDIUM |
| A vulnerability in the web interface of Cisco Small Business 200, 300, and 500 Series Switches software could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. The vulnerability is due to improper input validation of the parameters of an HTTP request. An attacker could exploit this vulnerability by intercepting a user's HTTP request and modifying it into a request that causes the web interface to redirect the user to a specific malicious URL. This type of vulnerability is known as an open redirect attack and is used in phishing attacks that get users to unknowingly visit malicious sites. | |||||
| CVE-2019-1486 | 1 Microsoft | 2 Visual Studio 2019, Visual Studio Live Share | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
| A spoofing vulnerability exists in Visual Studio Live Share when a guest connected to a Live Share session is redirected to an arbitrary URL specified by the session host, aka 'Visual Studio Live Share Spoofing Vulnerability'. | |||||
| CVE-2019-1075 | 1 Microsoft | 1 Asp.net Core | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
| A spoofing vulnerability exists in ASP.NET Core that could lead to an open redirect, aka 'ASP.NET Core Spoofing Vulnerability'. | |||||