Total
1210 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-7831 | 1 Fenrir-inc | 1 Sleipnir | 2025-04-20 | 5.8 MEDIUM | 6.1 MEDIUM |
| Sleipnir 4 Black Edition for Mac 4.5.3 and earlier and Sleipnir 4 for Mac 4.5.3 and earlier (Mac App Store) may allow a remote attacker to spoof the URL display via a specially crafted webpage. | |||||
| CVE-2017-3126 | 1 Fortinet | 2 Fortianalyzer Firmware, Fortimanager Firmware | 2025-04-20 | 5.8 MEDIUM | 6.1 MEDIUM |
| An Open Redirect vulnerability in Fortinet FortiAnalyzer 5.4.0 through 5.4.2 and FortiManager 5.4.0 through 5.4.2 allows attacker to execute unauthorized code or commands via the next parameter. | |||||
| CVE-2017-3889 | 1 Cisco | 1 Registered Envelope Service | 2025-04-20 | 5.8 MEDIUM | 6.1 MEDIUM |
| A vulnerability in the web interface of the Cisco Registered Envelope Service could allow an unauthenticated, remote attacker to redirect a user to a undesired web page, aka an Open Redirect. This vulnerability affects the Cisco Registered Envelope cloud-based service. More Information: CSCvc60123. Known Affected Releases: 5.1.0-015. | |||||
| CVE-2017-1489 | 1 Ibm | 6 Security Access Manager, Security Access Manager For Mobile, Security Access Manager For Web and 3 more | 2025-04-20 | 5.8 MEDIUM | 6.1 MEDIUM |
| IBM Security Access Manager 6.1, 7.0, 8.0, and 9.0 e-community configurations may be affected by a redirect vulnerability. ECSSO Master Authentication can redirect to a server not participating in an e-community domain. IBM X-Force ID: 128687. | |||||
| CVE-2017-2497 | 1 Apple | 2 Iphone Os, Mac Os X | 2025-04-20 | 5.8 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. The issue involves the "iBooks" component. It allows remote attackers to trigger visits to arbitrary URLs via a crafted book. | |||||
| CVE-2015-4070 | 1 Wow New Media | 1 Wow Moodboard Lite | 2025-04-20 | 5.8 MEDIUM | 6.1 MEDIUM |
| Open redirect vulnerability in the proxyimages function in wowproxy.php in the Wow Moodboard Lite plugin 1.1.1.1 for WordPress allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the url parameter. | |||||
| CVE-2015-5241 | 1 Apache | 1 Juddi | 2025-04-20 | 5.8 MEDIUM | 6.1 MEDIUM |
| After logging into the portal, the logout jsp page redirects the browser back to the login page after. It is feasible for malicious users to redirect the browser to an unintended web page in Apache jUDDI 3.1.2, 3.1.3, 3.1.4, and 3.1.5 when utilizing the portlets based user interface also known as 'Pluto', 'jUDDI Portal', 'UDDI Portal' or 'uddi-console'. User session data, credentials, and auth tokens are cleared before the redirect. | |||||
| CVE-2015-2750 | 2 Debian, Drupal | 2 Debian Linux, Drupal | 2025-04-20 | 5.8 MEDIUM | 6.1 MEDIUM |
| Open redirect vulnerability in URL-related API functions in Drupal 6.x before 6.35 and 7.x before 7.35 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via vectors involving the "//" initial sequence. | |||||
| CVE-2016-8953 | 1 Ibm | 1 Emptoris Sourcing | 2025-04-20 | 4.9 MEDIUM | 5.4 MEDIUM |
| IBM Emptoris Sourcing 9.5.x through 10.1.x could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 118840. | |||||
| CVE-2017-11725 | 1 Thycotic | 1 Secret Server | 2025-04-20 | 5.8 MEDIUM | 5.4 MEDIUM |
| The share function in Thycotic Secret Server before 10.2.000019 mishandles the Back Button, leading to unintended redirections. | |||||
| CVE-2017-16569 | 1 Zurmo | 1 Zurmo Crm | 2025-04-20 | 4.9 MEDIUM | 4.8 MEDIUM |
| An Open URL Redirect issue exists in Zurmo 3.2.1.57987acc3018 via an http: URL in the redirectUrl parameter to app/index.php/meetings/default/createMeeting. | |||||
| CVE-2017-3810 | 1 Cisco | 1 Prime Service Catalog | 2025-04-20 | 4.9 MEDIUM | 5.4 MEDIUM |
| A vulnerability in the web framework of Cisco Prime Service Catalog could allow an authenticated, remote attacker to conduct a web URL redirect attack against a user who is logged in to an affected system. More Information: CSCvb21745. Known Affected Releases: 10.0_R2_tanggula. | |||||
| CVE-2015-4668 | 1 Xceedium | 1 Xsuite | 2025-04-20 | 5.8 MEDIUM | 6.1 MEDIUM |
| Open redirect vulnerability in Xsuite 2.4.4.5 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirurl parameter. | |||||
| CVE-2017-3528 | 1 Oracle | 1 Applications Framework | 2025-04-20 | 5.8 MEDIUM | 5.4 MEDIUM |
| Vulnerability in the Oracle Applications Framework component of Oracle E-Business Suite (subcomponent: Popup windows (lists of values, datepicker, etc.)). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily "exploitable" vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Applications Framework. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Applications Framework, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Applications Framework accessible data. CVSS 3.0 Base Score 4.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N). | |||||
| CVE-2016-8949 | 1 Ibm | 2 Emptoris Strategic Supply Management, Emptoris Supplier Lifecycle Management | 2025-04-20 | 4.9 MEDIUM | 5.4 MEDIUM |
| IBM Emptoris Supplier Lifecycle Management 10.0.x and 10.1.x could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 118836. | |||||
| CVE-2016-0228 | 1 Ibm | 1 Marketing Platform | 2025-04-20 | 4.9 MEDIUM | 5.4 MEDIUM |
| IBM Marketing Platform 10.0 could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability in various scripts. An attacker could exploit this vulnerability to redirect a victim to arbitrary Web sites. IBM X-Force ID: 110236. | |||||
| CVE-2017-14525 | 1 Opentext | 2 Documentum Administrator, Documentum Webtop | 2025-04-20 | 5.8 MEDIUM | 6.1 MEDIUM |
| Multiple open redirect vulnerabilities in OpenText Documentum Webtop 6.8.0160.0073 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a (1) URL in the startat parameter to xda/help/en/default.htm or (2) /%09/ (slash encoded horizontal tab slash) followed by a domain in the redirectUrl parameter to xda/component/virtuallinkconnect. | |||||
| CVE-2017-3799 | 1 Cisco | 1 Webex Meeting Center | 2025-04-20 | 5.8 MEDIUM | 5.4 MEDIUM |
| A vulnerability in a URL parameter of Cisco WebEx Meeting Center could allow an unauthenticated, remote attacker to perform site redirection. More Information: CSCzu78401. Known Affected Releases: T28.1. | |||||
| CVE-2017-5474 | 1 S9y | 1 Serendipity | 2025-04-20 | 5.8 MEDIUM | 6.1 MEDIUM |
| Open redirect vulnerability in comment.php in Serendipity through 2.0.5 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the HTTP Referer header. | |||||
| CVE-2015-7943 | 3 Drupal, Jquery Update Project, Labjs Project | 3 Drupal, Jquery Update, Labjs | 2025-04-20 | 5.8 MEDIUM | 6.1 MEDIUM |
| Open redirect vulnerability in the Overlay module in Drupal 7.x before 7.41, the jQuery Update module 7.x-2.x before 7.x-2.7 for Drupal, and the LABjs module 7.x-1.x before 7.x-1.8 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-3233. | |||||