ReportizFlow
Filtered by vendor
Subscriptions
Total
1062 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-6927 | 1 Redhat | 5 Build Keycloak, Keycloak, Red Hat Single Sign On and 2 more | 2024-11-23 | 4.6 Medium |
| A flaw was found in Keycloak. This issue may allow an attacker to steal authorization codes or tokens from clients using a wildcard in the JARM response mode "form_post.jwt" which could be used to bypass the security patch implemented to address CVE-2023-6134. | ||||
| CVE-2015-10104 | 1 Woocommerce | 1 Icons For Features | 2024-11-22 | 3.5 Low |
| A vulnerability, which was classified as problematic, has been found in Icons for Features Plugin 1.0.0 on WordPress. Affected by this issue is some unknown functionality of the file classes/class-icons-for-features-admin.php. The manipulation of the argument redirect_url leads to open redirect. The attack may be launched remotely. Upgrading to version 1.0.1 is able to address this issue. The name of the patch is 63124c021ae24b68e56872530df26eb4268ad633. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-227756. | ||||
| CVE-2023-3139 | 1 Wp-experts | 1 Protect Wp Admin | 2024-11-22 | 6.1 Medium |
| The Protect WP Admin WordPress plugin before 4.0 discloses the URL of the admin panel via a redirection of a crafted URL, bypassing the protection offered. | ||||
| CVE-2023-20263 | 1 Cisco | 1 Hyperflex Hx Data Platform | 2024-11-22 | 4.7 Medium |
| A vulnerability in the web-based management interface of Cisco HyperFlex HX Data Platform could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability is due to improper input validation of the parameters in an HTTP request. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to redirect a user to a malicious website. | ||||
| CVE-2019-1943 | 1 Cisco | 114 Sf200-24, Sf200-24 Firmware, Sf200-24fp and 111 more | 2024-11-21 | N/A |
| A vulnerability in the web interface of Cisco Small Business 200, 300, and 500 Series Switches software could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. The vulnerability is due to improper input validation of the parameters of an HTTP request. An attacker could exploit this vulnerability by intercepting a user's HTTP request and modifying it into a request that causes the web interface to redirect the user to a specific malicious URL. This type of vulnerability is known as an open redirect attack and is used in phishing attacks that get users to unknowingly visit malicious sites. | ||||
| CVE-2019-1954 | 1 Cisco | 1 Webex Meetings Server | 2024-11-21 | 6.1 Medium |
| A vulnerability in the web-based management interface of Cisco Webex Meetings Server Software could allow an unauthenticated, remote attacker to redirect a user to an undesired web page. The vulnerability is due to improper input validation of the URL parameters in an HTTP request that is sent to an affected device. An attacker could exploit this vulnerability by crafting an HTTP request that could cause the web application to redirect the request to a specified malicious URL. A successful exploit could allow the attacker to redirect a user to a malicious website. | ||||
| CVE-2024-8526 | 2024-11-21 | N/A | ||
| A vulnerability in Automated Logic WebCTRL 7.0 could allow an attacker to send a maliciously crafted URL, which when visited by an authenticated WebCTRL user, could result in the redirection of the user to a malicious webpage via "index.jsp" | ||||
| CVE-2023-3684 | 1 Livelyworks | 1 Articart | 2024-11-21 | 3.5 Low |
| A vulnerability was found in LivelyWorks Articart 2.0.1 and classified as problematic. Affected by this issue is some unknown functionality of the file /change-language/de_DE of the component Base64 Encoding Handler. The manipulation of the argument redirectTo leads to open redirect. The attack may be launched remotely. VDB-234230 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-8386 | 2 Mozilla, Redhat | 8 Firefox, Firefox Esr, Enterprise Linux and 5 more | 2024-11-21 | 6.1 Medium |
| If a site had been granted the permission to open popup windows, it could cause Select elements to appear on top of another site to perform a spoofing attack. This vulnerability affects Firefox < 130, Firefox ESR < 128.2, and Thunderbird < 128.2. | ||||
| CVE-2024-9329 | 2 Eclipse, Eclipse Foundation | 2 Glassfish, Glassfish | 2024-11-21 | 6.1 Medium |
| In Eclipse Glassfish versions before 7.0.17, The Host HTTP parameter could cause the web application to redirect to the specified URL, when the requested endpoint is '/management/domain'. By modifying the URL value to a malicious site, an attacker may successfully launch a phishing scam and steal user credentials. | ||||
| CVE-2024-6289 | 1 Wpserveur | 1 Wps Hide Login | 2024-11-21 | 6.1 Medium |
| The WPS Hide Login WordPress plugin before 1.9.16.4 does not prevent redirects to the login page via the auth_redirect WordPress function, allowing an unauthenticated visitor to access the hidden login page. | ||||
| CVE-2024-6149 | 2024-11-21 | N/A | ||
| Redirection of users to a vulnerable URL in Citrix Workspace app for HTML5 | ||||
| CVE-2024-5936 | 2024-11-21 | N/A | ||
| An open redirect vulnerability exists in imartinez/privategpt version 0.5.0 due to improper handling of the 'file' parameter. This vulnerability allows attackers to redirect users to a URL specified by user-controlled input without proper validation or sanitization. The impact of this vulnerability includes potential phishing attacks, malware distribution, and credential theft. | ||||
| CVE-2024-5492 | 2024-11-21 | N/A | ||
| Open redirect vulnerability allows a remote unauthenticated attacker to redirect users to arbitrary websites in NetScaler ADC and NetScaler Gateway | ||||
| CVE-2024-4940 | 2024-11-21 | N/A | ||
| An open redirect vulnerability exists in the gradio-app/gradio, affecting the latest version. The vulnerability allows an attacker to redirect users to arbitrary websites, which can be exploited for phishing attacks, Cross-site Scripting (XSS), Server-Side Request Forgery (SSRF), amongst others. This issue is due to improper validation of user-supplied input in the handling of URLs. Attackers can exploit this vulnerability by crafting a malicious URL that, when processed by the application, redirects the user to an attacker-controlled web page. | ||||
| CVE-2024-4882 | 2024-11-21 | N/A | ||
| The user may be redirected to an arbitrary site in Sitefinity 15.1.8321.0 and previous versions. | ||||
| CVE-2024-4773 | 2024-11-21 | 7.5 High | ||
| When a network error occurred during page load, the prior content could have remained in view with a blank URL bar. This could have been used to obfuscate a spoofed web site. This vulnerability affects Firefox < 126. | ||||
| CVE-2024-4704 | 1 Rocklobster | 1 Contact Form 7 | 2024-11-21 | 6.1 Medium |
| The Contact Form 7 WordPress plugin before 5.9.5 has an open redirect that allows an attacker to utilize a false URL and redirect to the URL of their choosing. | ||||
| CVE-2024-4612 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 6.4 Medium |
| An issue has been discovered in GitLab EE affecting all versions starting from 12.9 before 17.1.7, 17.2 before 17.2.5, and 17.3 before 17.3.2. Under certain conditions an open redirect vulnerability could allow for an account takeover by breaking the OAuth flow. | ||||
| CVE-2024-4604 | 2024-11-21 | 6.1 Medium | ||
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Magarsus Consultancy SSO (Single Sign On) allows Manipulating Hidden Fields.This issue affects SSO (Single Sign On): from 1.0 before 1.1. | ||||