Total: 1137 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-1251 | 1 Dell | 3 Emc Unity, Emc Unity Firmware, Emc Unityvsa | 2024-11-21 | 5.8 MEDIUM | 8.3 HIGH |
Dell EMC Unity and UnityVSA versions prior to 4.3.1.1525703027 contain a URL Redirection vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to redirect Unity users to arbitrary web URLs by tricking the victim user into clicking on a maliciously crafted Unisphere URL. The attacker could potentially phish information, including Unisphere users' credentials, from the victim once they are redirected. | |||||
CVE-2018-1248 | 1 Rsa | 1 Authentication Manager | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
RSA Authentication Manager Security Console, Operation Console and Self-Service Console, version 8.3 and earlier, are affected by a Host header injection vulnerability. This could allow a remote attacker to potentially poison the HTTP cache and subsequently redirect users to arbitrary web domains. | |||||
CVE-2018-1220 | 1 Emc | 1 Rsa Archer | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
EMC RSA Archer, versions prior to 6.2.0.8, contains a redirect vulnerability in the QuickLinks feature. A remote attacker may potentially exploit this vulnerability to redirect genuine users to phishing websites with the intent of obtaining sensitive information from the users. | |||||
CVE-2018-19796 | 1 Ninjaforms | 1 Ninja Forms | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
An open redirect in the Ninja Forms plugin before 3.3.19.1 for WordPress allows remote attackers to redirect a user via the lib/StepProcessing/step-processing.php (aka submissions download page) redirect parameter. | |||||
CVE-2018-19790 | 3 Debian, Fedoraproject, Sensiolabs | 3 Debian Linux, Fedora, Symfony | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
An open redirect was discovered in Symfony 2.7.x before 2.7.50, 2.8.x before 2.8.49, 3.x before 3.4.20, 4.0.x before 4.0.15, 4.1.x before 4.1.9 and 4.2.x before 4.2.1. By using backslashes in the `_failure_path` input field of login forms, an attacker can work around the redirection target restrictions and effectively redirect the user to any domain after login. | |||||
CVE-2018-19106 | 1 Avinetworks | 1 Avi Vantage | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
Avi Vantage before 17.2.13 uses an invalid URL encoding during a redirect operation, aka AV-33959. | |||||
CVE-2018-18288 | 1 Crushftp | 1 Crushftp | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
CrushFTP through 8.3.0 is vulnerable to credentials theft via URL redirection. | |||||
CVE-2018-17948 | 1 Microfocus | 1 Access Manager | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
An open redirect vulnerability exists in the Access Manager Identity Provider prior to 4.4 SP3. | |||||
CVE-2018-17870 | 1 Btiteam | 1 Xbtit | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
An issue was discovered in BTITeam XBTIT 2.5.4. The "returnto" parameter of account_change.php is vulnerable to an open redirect, a different vulnerability than CVE-2018-15683. | |||||
CVE-2018-17422 | 1 Dotcms | 1 Dotcms | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
dotCMS before 5.0.2 has open redirects via the html/common/forward_js.jsp FORWARD_URL parameter or the html/portlet/ext/common/page_preview_popup.jsp hostname parameter. | |||||
CVE-2018-17074 | 1 Feed Statistics Project | 1 Feed Statistics | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
The Feed Statistics plugin before 4.0 for WordPress has an Open Redirect via the feed-stats-url parameter. | |||||
CVE-2018-16954 | 1 Oracle | 1 Webcenter Interaction | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
An issue was discovered in Oracle WebCenter Interaction Portal 10.3.3. The login function of the portal is vulnerable to insecure redirection (also called an open redirect). The in_hi_redirect parameter is not validated by the application after a successful login. NOTE: this CVE is assigned by MITRE and isn't validated by Oracle because Oracle WebCenter Interaction Portal is out of support. | |||||
CVE-2018-16761 | 1 Eventum Project | 1 Eventum | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
Eventum before 3.4.0 has an open redirect vulnerability. | |||||
CVE-2018-16191 | 1 Ec-cube | 1 Ec-cube | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
Open redirect vulnerability in EC-CUBE (EC-CUBE 3.0.0, EC-CUBE 3.0.1, EC-CUBE 3.0.2, EC-CUBE 3.0.3, EC-CUBE 3.0.4, EC-CUBE 3.0.5, EC-CUBE 3.0.6, EC-CUBE 3.0.7, EC-CUBE 3.0.8, EC-CUBE 3.0.9, EC-CUBE 3.0.10, EC-CUBE 3.0.11, EC-CUBE 3.0.12, EC-CUBE 3.0.12-p1, EC-CUBE 3.0.13, EC-CUBE 3.0.14, EC-CUBE 3.0.15, EC-CUBE 3.0.16) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | |||||
CVE-2018-16174 | 1 Thimpress | 1 Learnpress | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
Open redirect vulnerability in LearnPress prior to version 3.1.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | |||||
CVE-2018-15798 | 1 Pivotal Software | 1 Concourse | 2024-11-21 | 5.8 MEDIUM | 7.6 HIGH |
The login flow of Pivotal Concourse Release, versions 4.x prior to 4.2.2, allows redirects to untrusted websites. A remote unauthenticated attacker could convince a user to click on a link using the OAuth redirect link with an untrusted website and gain access to that user's access token in Concourse. | |||||
CVE-2018-15683 | 1 Btiteam | 1 Xbtit | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
An issue was discovered in BTITeam XBTIT. The "returnto" parameter of the login page is vulnerable to an open redirect due to a lack of validation. If a user is already logged in when accessing the page, they will be instantly redirected. | |||||
CVE-2018-15493 | 1 Vbulletin | 1 Vbulletin | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
vBulletin 5.4.3 has an Open Redirect. | |||||
CVE-2018-15403 | 1 Cisco | 4 Emergency Responder, Unified Communications Manager, Unified Communications Manager Im And Presence Service and 1 more | 2024-11-21 | 4.9 MEDIUM | 5.4 MEDIUM |
A vulnerability in the web interface of Cisco Emergency Responder, Cisco Unified Communications Manager, Cisco Unified Communications Manager IM & Presence Service, and Cisco Unity Connection could allow an authenticated, remote attacker to redirect a user to a malicious web page. The vulnerability is due to improper input validation of the parameters of an HTTP request. An attacker could exploit this vulnerability by crafting an HTTP request that causes the web interface to redirect a request to a specific malicious URL. This type of vulnerability is known as an open redirect attack and is used in phishing attacks that get users to unknowingly visit malicious sites. | |||||
CVE-2018-15180 | 1 Qasymphony | 1 Qtest Manager | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
qTest Portal in QASymphony qTest Manager 9.0.0 has an Open Redirect via the /portal/loginform redirect parameter. |