Total
1334 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-36085 | 1 Sisqualwfm | 1 Sisqualwfm | 2024-11-21 | 6.1 Medium |
| The sisqualWFM 7.1.319.103 thru 7.1.319.111 for Android, has a host header injection vulnerability in its "/sisqualIdentityServer/core/" endpoint. By modifying the HTTP Host header, an attacker can change webpage links and even redirect users to arbitrary or malicious locations. This can lead to phishing attacks, malware distribution, and unauthorized access to sensitive resources. | ||||
| CVE-2023-35948 | 1 Novu | 1 Novu | 2024-11-21 | 5.4 Medium |
| Novu provides an API for sending notifications through multiple channels. Versions prior to 0.16.0 contain an open redirect vulnerability in the "Sign In with GitHub" functionality of Novu's open-source repository. It could have allowed an attacker to force a victim into opening a malicious URL and thus, potentially log into the repository under the victim's account gaining full control of the account. This vulnerability only affected the Novu Cloud and Open-Source deployments if the user manually enabled the GitHub OAuth on their self-hosted instance of Novu. Users should upgrade to version 0.16.0 to receive a patch. | ||||
| CVE-2023-35883 | 1 Magazine3 | 1 Core Web Vitals \& Pagespeed Booster | 2024-11-21 | 4.7 Medium |
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Magazine3 Core Web Vitals & PageSpeed Booster.This issue affects Core Web Vitals & PageSpeed Booster: from n/a through 1.0.12. | ||||
| CVE-2023-35171 | 1 Nextcloud | 1 Nextcloud Server | 2024-11-21 | 4.1 Medium |
| NextCloud Server and NextCloud Enterprise Server provide file storage for Nextcloud, a self-hosted productivity platform. Starting in version 26.0.0 and prior to version 26.0.2, an attacker could supply a URL that redirects an unsuspecting victim from a legitimate domain to an attacker's site. Nextcloud Server and Nextcloud Enterprise Server 26.0.2 contain a patch for this issue. No known workarounds are available. | ||||
| CVE-2023-35029 | 1 Liferay | 2 Dxp, Liferay Portal | 2024-11-21 | 6.1 Medium |
| Open redirect vulnerability in the Layout module's SEO configuration in Liferay Portal 7.4.3.70 through 7.4.3.76, and Liferay DXP 7.4 update 70 through 76 allows remote attackers to redirect users to arbitrary external URLs via the `_com_liferay_layout_admin_web_portlet_GroupPagesPortlet_backURL` parameter. | ||||
| CVE-2023-34917 | 1 Cms Project | 1 Cms | 2024-11-21 | 6.1 Medium |
| Fuge CMS v1.0 contains an Open Redirect vulnerability in member/RegisterAct.java. | ||||
| CVE-2023-34916 | 1 Cms Project | 1 Cms | 2024-11-21 | 6.1 Medium |
| Fuge CMS v1.0 contains an Open Redirect vulnerability via /front/ProcessAct.java. | ||||
| CVE-2023-32517 | 1 Ibericode | 1 Mailchimp | 2024-11-21 | 4.7 Medium |
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in PluginOps MailChimp Subscribe Form, Optin Builder, PopUp Builder, Form Builder.This issue affects MailChimp Subscribe Form, Optin Builder, PopUp Builder, Form Builder: from n/a through 4.0.9.3. | ||||
| CVE-2023-32101 | 1 Pexlechris | 1 Library Viewer | 2024-11-21 | 4.7 Medium |
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Pexle Chris Library Viewer.This issue affects Library Viewer: from n/a through 2.0.6. | ||||
| CVE-2023-31237 | 1 Zephyr Project Manager Project | 1 Zephyr Project Manager | 2024-11-21 | 4.7 Medium |
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Dylan James Zephyr Project Manager.This issue affects Zephyr Project Manager: from n/a through 3.3.9. | ||||
| CVE-2023-31229 | 1 Wpdirectorykit | 1 Wp Directory Kit | 2024-11-21 | 4.7 Medium |
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in WP Directory Kit.This issue affects WP Directory Kit: from n/a through 1.1.9. | ||||
| CVE-2023-31095 | 1 Crmperks | 1 Database For Contact Form 7\, Wpforms\, Elementor Forms | 2024-11-21 | 4.7 Medium |
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in CRM Perks Integration for HubSpot and Contact Form 7, WPForms, Elementor, Ninja Forms.This issue affects Integration for HubSpot and Contact Form 7, WPForms, Elementor, Ninja Forms: from n/a through 1.2.8. | ||||
| CVE-2023-30433 | 1 Ibm | 1 Security Verify Access | 2024-11-21 | 6.5 Medium |
| IBM Security Verify Access 10.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 252186. | ||||
| CVE-2023-28874 | 1 Seafile | 1 Seafile | 2024-11-21 | 6.1 Medium |
| The next parameter in the /accounts/login endpoint of Seafile 9.0.6 allows attackers to redirect users to arbitrary sites. | ||||
| CVE-2023-28786 | 1 Solidwp | 1 Solid Security | 2024-11-21 | 3.7 Low |
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in SolidWP Solid Security – Password, Two Factor Authentication, and Brute Force Protection.This issue affects Solid Security – Password, Two Factor Authentication, and Brute Force Protection: from n/a through 8.1.4. | ||||
| CVE-2023-28020 | 1 Hcltech | 1 Bigfix Webui | 2024-11-21 | 4.7 Medium |
| URL redirection in Login page in HCL BigFix WebUI allows malicious user to redirect the client browser to an external site via redirect URL response header. | ||||
| CVE-2023-24735 | 1 Sigb | 1 Pmb | 2024-11-21 | 6.1 Medium |
| PMB v7.4.6 was discovered to contain an open redirect vulnerability via the component /opac_css/pmb.php. This vulnerability allows attackers to redirect victim users to an external domain via a crafted URL. | ||||
| CVE-2023-23957 | 1 Symantec | 1 Identity Portal | 2024-11-21 | 5.4 Medium |
| An authenticated user can see and modify the value for ‘next’ query parameter in Symantec Identity Portal 14.4 | ||||
| CVE-2023-22641 | 1 Fortinet | 2 Fortios, Fortiproxy | 2024-11-21 | 4.1 Medium |
| A url redirection to untrusted site ('open redirect') in Fortinet FortiOS version 7.2.0 through 7.2.3, FortiOS version 7.0.0 through 7.0.9, FortiOS versions 6.4.0 through 6.4.12, FortiOS all versions 6.2, FortiOS all versions 6.0, FortiProxy version 7.2.0 through 7.2.2, FortiProxy version 7.0.0 through 7.0.8, FortiProxy all versions 2.0, FortiProxy all versions 1.2, FortiProxy all versions 1.1, FortiProxy all versions 1.0 allows an authenticated attacker to execute unauthorized code or commands via specially crafted requests. | ||||
| CVE-2023-22265 | 1 Adobe | 2 Experience Manager, Experience Manager Cloud Service | 2024-11-21 | 5.4 Medium |
| Experience Manager versions 6.5.15.0 (and earlier) are affected by a URL Redirection to Untrusted Site ('Open Redirect') vulnerability. A low-privilege authenticated attacker could leverage this vulnerability to redirect users to malicious websites. Exploitation of this issue requires user interaction. | ||||