ReportizFlow
Filtered by vendor
Subscriptions
Total
1062 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-8897 | 2 Google, Mozilla | 2 Android, Firefox | 2024-09-25 | 6.1 Medium |
| Under certain conditions, an attacker with the ability to redirect users to a malicious site via an open redirect on a trusted site, may be able to spoof the address bar contents. This can lead to a malicious site to appear to have the same URL as the trusted site. *This bug only affects Firefox for Android. Other versions of Firefox are unaffected.* This vulnerability affects Firefox for Android < 130.0.1. | ||||
| CVE-2024-4283 | 1 Gitlab | 1 Gitlab | 2024-09-24 | 6.4 Medium |
| An issue has been discovered in GitLab EE affecting all versions starting from 11.1 before 17.1.7, 17.2 before 17.2.5, and 17.3 before 17.3.2. Under certain conditions an open redirect vulnerability could allow for an account takeover by breaking the OAuth flow. | ||||
| CVE-2024-35133 | 1 Ibm | 2 Security Verify Access, Security Verify Access Docker | 2024-09-21 | 6.8 Medium |
| IBM Security Verify Access 10.0.0 through 10.0.8 OIDC Provider could allow a remote authenticated attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. | ||||
| CVE-2024-8646 | 1 Eclipse | 1 Glassfish | 2024-09-18 | 6.1 Medium |
| In Eclipse Glassfish versions prior to 7.0.10, a URL redirection vulnerability to untrusted sites existed. This vulnerability is caused by the vulnerability (CVE-2023-41080) in the Apache code included in GlassFish. This vulnerability only affects applications that are explicitly deployed to the root context ('/'). | ||||
| CVE-2024-8586 | 1 Uniong | 1 Webitr | 2024-09-16 | 6.1 Medium |
| WebITR from Uniong has an Open Redirect vulnerability, which allows unauthorized remote attackers to exploit this vulnerability to forge URLs. Users, believing they are accessing a trusted domain, can be redirected to another page, potentially leading to phishing attacks. | ||||
| CVE-2024-7312 | 1 Payara | 1 Payara | 2024-09-13 | 6.1 Medium |
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Payara Platform Payara Server (REST Management Interface modules) allows Session Hijacking.This issue affects Payara Server: from 6.0.0 before 6.18.0, from 6.2022.1 before 6.2024.9, from 5.2020.2 before 5.2022.5, from 5.20.0 before 5.67.0, from 4.1.2.191.0 before 4.1.2.191.50. | ||||
| CVE-2024-8412 | 1 Linuxos | 1 Shakal-ng | 2024-09-12 | 4.3 Medium |
| A vulnerability, which was classified as problematic, was found in LinuxOSsk Shakal-NG up to 1.3.3. Affected is an unknown function of the file comments/views.py. The manipulation of the argument next leads to open redirect. It is possible to launch the attack remotely. The name of the patch is ebd1c2cba59cbac198bf2fd5a10565994d4f02cb. It is recommended to apply a patch to fix this issue. | ||||
| CVE-2024-42341 | 1 Loway | 1 Queuemetrics | 2024-09-11 | 6.1 Medium |
| Loway - CWE-601: URL Redirection to Untrusted Site ('Open Redirect') | ||||
| CVE-2024-8555 | 1 Oretnom23 | 1 Clinic\'s Patient Management System | 2024-09-10 | 4.3 Medium |
| A vulnerability was found in SourceCodester Clinics Patient Management System 2.0. It has been classified as problematic. Affected is an unknown function of the file congratulations.php. The manipulation of the argument goto_page leads to open redirect. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-7211 | 1 1e | 1 Platform | 2024-09-06 | 4.7 Medium |
| The 1E Platform's component utilized the third-party Duende Identity Server, which suffered from an open redirect vulnerability, permitting an attacker to control the redirection path of end users. Note: 1E Platform's component utilizing the third-party Duende Identity Server has been updated with the patch that includes the fix. | ||||
| CVE-2024-44776 | 1 Vtiger | 1 Vtiger Crm | 2024-09-03 | 6.1 Medium |
| An Open Redirect vulnerability in the page parameter of vTiger CRM v7.4.0 allows attackers to redirect users to a malicious site via a crafted URL. | ||||
| CVE-2024-43236 | 2024-09-03 | 4.7 Medium | ||
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Scott Paterson Easy PayPal Buy Now Button.This issue affects Easy PayPal Buy Now Button: from n/a through 1.9. | ||||
| CVE-2024-39097 | 1 Gnuboard | 1 Gnuboard6 | 2024-08-27 | 6.1 Medium |
| There is an Open Redirect vulnerability in Gnuboard v6.0.4 and below via the `url` parameter in login path. | ||||
| CVE-2024-6377 | 2 3ds, Dassault | 4 3dexperience, 3dswymer 3dexperience 2022, 3dswymer 3dexperience 2023 and 1 more | 2024-08-27 | 8.1 High |
| An URL redirection to untrusted site (open redirect) vulnerability affecting 3DPassport in 3DSwymer from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to redirect users to an arbitrary website via a crafted URL. | ||||
| CVE-2024-7428 | 2024-08-23 | N/A | ||
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in OpenTextâ„¢ Network Node Manager i (NNMi) allows URL Redirector Abuse.This issue affects Network Node Manager i (NNMi): 2022.11, 2023.05, 23.4, 24.2. | ||||
| CVE-2024-43794 | 2024-08-23 | 6.1 Medium | ||
| OpenSearch Dashboards Security Plugin adds a configuration management UI for the OpenSearch Security features to OpenSearch Dashboards. Improper validation of the nextUrl parameter can lead to external redirect on login to OpenSearch-Dashboards for specially crafted parameters. A patch is available in 1.3.19 and 2.16.0 for this issue. | ||||
| CVE-2024-7902 | 1 Public Knowledge Project | 1 Open Journal Systems | 2024-08-20 | 4.3 Medium |
| A vulnerability was found in pkp ojs up to 3.4.0-6 and classified as problematic. Affected by this issue is some unknown functionality of the file /login/signOut. The manipulation of the argument source with the input .example.com leads to open redirect. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-42353 | 2 Pylonsproject, Redhat | 4 Webob, Openshift, Openshift Ironic and 1 more | 2024-08-19 | 6.1 Medium |
| WebOb provides objects for HTTP requests and responses. When WebOb normalizes the HTTP Location header to include the request hostname, it does so by parsing the URL that the user is to be redirected to with Python's urlparse, and joining it to the base URL. `urlparse` however treats a `//` at the start of a string as a URI without a scheme, and then treats the next part as the hostname. `urljoin` will then use that hostname from the second part as the hostname replacing the original one from the request. This vulnerability is patched in WebOb version 1.8.8. | ||||
| CVE-2024-43280 | 2024-08-19 | 4.7 Medium | ||
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Salon Booking System Salon booking system.This issue affects Salon booking system: from n/a through 10.8.1. | ||||
| CVE-2024-41955 | 1 Opensecurity | 1 Mobile Security Framework | 2024-08-15 | 5.2 Medium |
| Mobile Security Framework (MobSF) is a security research platform for mobile applications in Android, iOS and Windows Mobile. An open redirect vulnerability exist in MobSF authentication view. Update to MobSF v4.0.5. | ||||