Total
1129 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-5375 | 1 Mosparo | 1 Mosparo | 2024-11-21 | 6.1 Medium |
| Open Redirect in GitHub repository mosparo/mosparo prior to 1.0.2. | ||||
| CVE-2023-52263 | 1 Brave | 1 Browser | 2024-11-21 | 6.1 Medium |
| Brave Browser before 1.59.40 does not properly restrict the schema for WebUI factory and redirect. This is related to browser/brave_content_browser_client.cc and browser/ui/webui/brave_web_ui_controller_factory.cc. | ||||
| CVE-2023-51675 | 1 Vasyltech | 1 Advanced Access Manager | 2024-11-21 | 4.7 Medium |
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in AAM Advanced Access Manager – Restricted Content, Users & Roles, Enhanced Security and More.This issue affects Advanced Access Manager – Restricted Content, Users & Roles, Enhanced Security and More: from n/a through 6.9.18. | ||||
| CVE-2023-51517 | 1 Codepeople | 1 Calculated Fields Form | 2024-11-21 | 4.1 Medium |
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in CodePeople Calculated Fields Form.This issue affects Calculated Fields Form: from n/a through 1.2.28. | ||||
| CVE-2023-50963 | 1 Ibm | 1 Storage Defender Data Protect | 2024-11-21 | 6.5 Medium |
| IBM Storage Defender - Data Protect 1.0.0 through 1.4.1 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 276101. | ||||
| CVE-2023-50704 | 1 Efacec | 2 Uc 500e, Uc 500e Firmware | 2024-11-21 | 4.3 Medium |
| An attacker could construct a URL within the application that causes a redirection to an arbitrary external domain and could be leveraged to facilitate phishing attacks against application users. | ||||
| CVE-2023-50345 | 1 Hcltech | 1 Dryice Myxalytics | 2024-11-21 | 3.7 Low |
| HCL DRYiCE MyXalytics is impacted by an Open Redirect vulnerability which could allow an attacker to redirect users to malicious sites, potentially leading to phishing attacks or other security threats. | ||||
| CVE-2023-4965 | 1 Phpipam | 1 Phpipam | 2024-11-21 | 2.7 Low |
| A vulnerability was found in phpipam 1.5.1. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Header Handler. The manipulation of the argument X-Forwarded-Host leads to open redirect. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-239732. | ||||
| CVE-2023-4964 | 1 Microfocus | 2 Asset Management X, Service Management Automation X | 2024-11-21 | 8.2 High |
| Potential open redirect vulnerability in opentext Service Management Automation X (SMAX) versions 2020.05, 2020.08, 2020.11, 2021.02, 2021.05, 2021.08, 2021.11, 2022.05, 2022.11 and opentext Asset Management X (AMX) versions 2021.08, 2021.11, 2022.05, 2022.11. The vulnerability could allow attackers to redirect a user to malicious websites. | ||||
| CVE-2023-49438 | 1 Flask-security-too Project | 1 Flask-security-too | 2024-11-21 | 6.1 Medium |
| An open redirect vulnerability in the python package Flask-Security-Too <=5.3.2 allows attackers to redirect unsuspecting users to malicious sites via a crafted URL by abusing the ?next parameter on the /login and /register routes. | ||||
| CVE-2023-49394 | 1 Easycorp | 1 Zentao | 2024-11-21 | 6.1 Medium |
| Zentao versions 4.1.3 and before has a URL redirect vulnerability, which prevents the system from functioning properly. | ||||
| CVE-2023-49281 | 1 Cainor | 1 Calendarinho | 2024-11-21 | 4.7 Medium |
| Calendarinho is an open source calendaring application to manage large teams of consultants. An Open Redirect issue occurs when a web application redirects users to external URLs without proper validation. This can lead to phishing attacks, where users are tricked into visiting malicious sites, potentially leading to information theft and reputational damage to the website used for redirection. The problem is has been patched in commit `15b2393`. Users are advised to update to a commit after `15b2393`. There are no known workarounds for this vulnerability. | ||||
| CVE-2023-49240 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | 7.5 High |
| Unauthorized access vulnerability in the launcher module. Successful exploitation of this vulnerability may affect service confidentiality. | ||||
| CVE-2023-49104 | 1 Owncloud | 1 Oauth2 | 2024-11-21 | 8.7 High |
| An issue was discovered in ownCloud owncloud/oauth2 before 0.6.1, when Allow Subdomains is enabled. An attacker is able to pass in a crafted redirect-url that bypasses validation, and consequently allows an attacker to redirect callbacks to a Top Level Domain controlled by the attacker. | ||||
| CVE-2023-49061 | 1 Mozilla | 1 Firefox | 2024-11-21 | 6.1 Medium |
| An attacker could have performed HTML template injection via Reader Mode and exfiltrated user information. This vulnerability affects Firefox for iOS < 120. | ||||
| CVE-2023-48928 | 1 Franklin-electric | 1 System Sentinel Anyware | 2024-11-21 | 6.1 Medium |
| Franklin Fueling Systems System Sentinel AnyWare (SSA) version 1.6.24.492 is vulnerable to Open Redirect. The 'path' parameter of the prefs.asp resource allows an attacker to redirect a victim user to an arbitrary web site using a crafted URL. | ||||
| CVE-2023-48815 | 1 Keking | 1 Kkfileview | 2024-11-21 | 6.1 Medium |
| kkFileView v4.3.0 is vulnerable to Incorrect Access Control. | ||||
| CVE-2023-48325 | 1 Pluginops | 1 Landing Page Builder | 2024-11-21 | 4.7 Medium |
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in PluginOps Landing Page Builder – Lead Page – Optin Page – Squeeze Page – WordPress Landing Pages.This issue affects Landing Page Builder – Lead Page – Optin Page – Squeeze Page – WordPress Landing Pages: from n/a through 1.5.1.5. | ||||
| CVE-2023-48003 | 1 Aspnetzero | 1 Asp.net Zero | 2024-11-21 | 6.1 Medium |
| An open redirect through HTML injection in user messages in Asp.Net Zero before 12.3.0 allows remote attackers to redirect targeted victims to any URL via the '<meta http-equiv="refresh"' in the WebSocket messages. | ||||
| CVE-2023-47779 | 1 Crmperks | 1 Integration For Constant Contact And Contact Form 7\, Wpforms\, Elementor\, Ninja | 2024-11-21 | 4.7 Medium |
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in CRM Perks. Integration for Constant Contact and Contact Form 7, WPForms, Elementor, Ninja Forms.This issue affects Integration for Constant Contact and Contact Form 7, WPForms, Elementor, Ninja Forms: from n/a through 1.1.4. | ||||