Search
Total
631 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-43532 | 1 Mozilla | 1 Firefox | 2021-12-10 | 5.8 MEDIUM | 6.1 MEDIUM |
| The 'Copy Image Link' context menu action would copy the final image URL after redirects. By embedding an image that triggered authentication flows - in conjunction with a Content Security Policy that stopped a redirection chain in the middle - the final image URL could be one that contained an authentication token used to takeover a user account. If a website tricked a user into copy and pasting the image link back to the page, the page would be able to steal the authentication tokens. This was fixed by making the action return the original URL, before any redirects. This vulnerability affects Firefox < 94. | |||||
| CVE-2021-43064 | 1 Fortinet | 1 Fortiweb | 2021-12-09 | 5.8 MEDIUM | 6.1 MEDIUM |
| A url redirection to untrusted site ('open redirect') in Fortinet FortiWeb version 6.4.1 and 6.4.0, version 6.3.15 and below, version 6.2.6 and below allows attacker to use the device as a proxy and reach external or protected hosts via redirection handlers. | |||||
| CVE-2021-4000 | 1 Showdoc | 1 Showdoc | 2021-12-07 | 5.8 MEDIUM | 6.1 MEDIUM |
| showdoc is vulnerable to URL Redirection to Untrusted Site | |||||
| CVE-2021-3989 | 1 Showdoc | 1 Showdoc | 2021-12-02 | 5.8 MEDIUM | 6.1 MEDIUM |
| showdoc is vulnerable to URL Redirection to Untrusted Site | |||||
| CVE-2021-42564 | 1 Cryptshare | 1 Cryptshare Server | 2021-12-01 | 4.9 MEDIUM | 5.4 MEDIUM |
| An open redirect through HTML injection in confidential messages in Cryptshare before 5.1.0 allows remote attackers (with permission to provide confidential messages via Cryptshare) to redirect targeted victims to any URL via the '<meta http-equiv="refresh"' substring in the editor parameter. | |||||
| CVE-2021-43777 | 1 Redash | 1 Redash | 2021-11-30 | 5.8 MEDIUM | 6.1 MEDIUM |
| Redash is a package for data visualization and sharing. In Redash version 10.0 and prior, the implementation of Google Login (via OAuth) incorrectly uses the `state` parameter to pass the next URL to redirect the user to after login. The `state` parameter should be used for a Cross-Site Request Forgery (CSRF) token, not a static and easily predicted value. This vulnerability does not affect users who do not use Google Login for their instance of Redash. A patch in the `master` and `release/10.x.x` branches addresses this by replacing `Flask-Oauthlib` with `Authlib` which automatically provides and validates a CSRF token for the state variable. The new implementation stores the next URL on the user session object. As a workaround, one may disable Google Login to mitigate the vulnerability. | |||||
| CVE-2021-36332 | 1 Dell | 1 Emc Cloud Link | 2021-11-27 | 4.9 MEDIUM | 5.4 MEDIUM |
| Dell EMC CloudLink 7.1 and all prior versions contain a HTML and Javascript Injection Vulnerability. A remote low privileged attacker, may potentially exploit this vulnerability, directing end user to arbitrary and potentially malicious websites. | |||||
| CVE-2021-21392 | 2 Fedoraproject, Matrix | 2 Fedora, Synapse | 2021-11-23 | 4.9 MEDIUM | 6.3 MEDIUM |
| Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.28.0 requests to user provided domains were not restricted to external IP addresses when transitional IPv6 addresses were used. Outbound requests to federation, identity servers, when calculating the key validity for third-party invite events, sending push notifications, and generating URL previews are affected. This could cause Synapse to make requests to internal infrastructure on dual-stack networks. See referenced GitHub security advisory for details and workarounds. | |||||
| CVE-2021-21273 | 2 Fedoraproject, Matrix | 2 Fedora, Synapse | 2021-11-23 | 5.8 MEDIUM | 6.1 MEDIUM |
| Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.25.0, requests to user provided domains were not restricted to external IP addresses when calculating the key validity for third-party invite events and sending push notifications. This could cause Synapse to make requests to internal infrastructure. The type of request was not controlled by the user, although limited modification of request bodies was possible. For the most thorough protection server administrators should remove the deprecated `federation_ip_range_blacklist` from their settings after upgrading to Synapse v1.25.0 which will result in Synapse using the improved default IP address restrictions. See the new `ip_range_blacklist` and `ip_range_whitelist` settings if more specific control is necessary. | |||||
| CVE-2020-15233 | 1 Ory | 1 Fosite | 2021-11-18 | 4.9 MEDIUM | 4.8 MEDIUM |
| ORY Fosite is a security first OAuth2 & OpenID Connect framework for Go. In Fosite from version 0.30.2 and before version 0.34.1, there is an issue in which an an attacker can override the registered redirect URL by performing an OAuth flow and requesting a redirect URL that is to the loopback adapter. Attackers can provide both custom URL query parameters to their loopback redirect URL, as well as actually overriding the host of the registered redirect URL. These attacks are only applicable in scenarios where the attacker has access over the loopback interface. This vulnerability has been patched in ORY Fosite v0.34.1. | |||||
| CVE-2021-41733 | 1 Oppia | 1 Oppia | 2021-11-09 | 5.8 MEDIUM | 6.1 MEDIUM |
| Oppia 3.1.4 does not verify that certain URLs are valid before navigating to them. | |||||
| CVE-2021-1500 | 1 Cisco | 2 Collaboration Meeting Rooms, Webex Video Mesh | 2021-11-05 | 5.8 MEDIUM | 6.1 MEDIUM |
| A vulnerability in the web-based management interface of Cisco Webex Video Mesh could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability is due to improper input validation of the URL parameters in an HTTP request. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to redirect a user to a malicious website. Attackers may use this type of vulnerability, known as an open redirect attack, as part of a phishing attack to persuade users to unknowingly visit malicious sites. | |||||
| CVE-2021-43058 | 1 Replicated | 1 Replicated Classic | 2021-11-02 | 5.8 MEDIUM | 6.1 MEDIUM |
| An open redirect vulnerability exists in Replicated Classic versions prior to 2.53.1 that could lead to spoofing. To exploit this vulnerability, an attacker could send a link that has a specially crafted URL and convince the user to click the link, redirecting the user to an untrusted site. | |||||
| CVE-2021-34764 | 1 Cisco | 3 Firepower Management Center Virtual Appliance, Firepower Threat Defense, Sourcefire Defense Center | 2021-10-28 | 5.8 MEDIUM | 6.1 MEDIUM |
| Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an attacker to execute a cross-site scripting (XSS) attack or an open redirect attack. For more information about these vulnerabilities, see the Details section of this advisory. | |||||
| CVE-2021-3851 | 1 Firefly-iii | 1 Firefly Iii | 2021-10-21 | 4.9 MEDIUM | 5.4 MEDIUM |
| firefly-iii is vulnerable to URL Redirection to Untrusted Site | |||||
| CVE-2021-22903 | 1 Rubyonrails | 1 Rails | 2021-10-21 | 5.8 MEDIUM | 6.1 MEDIUM |
| The actionpack ruby gem before 6.1.3.2 suffers from a possible open redirect vulnerability. Specially crafted Host headers in combination with certain "allowed host" formats can cause the Host Authorization middleware in Action Pack to redirect users to a malicious website. This is similar to CVE-2021-22881. Strings in config.hosts that do not have a leading dot are converted to regular expressions without proper escaping. This causes, for example, `config.hosts << "sub.example.com"` to permit a request with a Host header value of `sub-example.com`. | |||||
| CVE-2021-22963 | 1 Fastify | 1 Fastify-static | 2021-10-20 | 5.8 MEDIUM | 6.1 MEDIUM |
| A redirect vulnerability in the fastify-static module version < 4.2.4 allows remote attackers to redirect users to arbitrary websites via a double slash // followed by a domain: http://localhost:3000//google.com/%2e%2e.The issue shows up on all the fastify-static applications that set redirect: true option. By default, it is false. | |||||
| CVE-2021-20031 | 1 Sonicwall | 59 Nsa 2650, Nsa 2700, Nsa 3650 and 56 more | 2021-10-19 | 5.8 MEDIUM | 6.1 MEDIUM |
| A Host Header Redirection vulnerability in SonicOS potentially allows a remote attacker to redirect firewall management users to arbitrary web domains. | |||||
| CVE-2021-20806 | 1 Cybozu | 1 Remote Service Manager | 2021-10-19 | 5.8 MEDIUM | 6.1 MEDIUM |
| Open redirect vulnerability in Cybozu Remote Service 3.0.0 to 3.1.9 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | |||||
| CVE-2020-25901 | 1 Spiceworks | 1 Spiceworks | 2021-10-18 | 5.8 MEDIUM | 6.1 MEDIUM |
| Host Header Injection in Spiceworks 7.5.7.0 allowing the attacker to render arbitrary links that point to a malicious website with poisoned Host header webpages. | |||||
| CVE-2021-34772 | 1 Cisco | 1 Orbital | 2021-10-14 | 5.8 MEDIUM | 6.1 MEDIUM |
| A vulnerability in the web-based management interface of Cisco Orbital could allow an unauthenticated, remote attacker to redirect users to a malicious webpage. This vulnerability is due to improper validation of URL paths in the web-based management interface. An attacker could exploit this vulnerability by persuading a user to click a crafted URL. A successful exploit could allow the attacker to redirect a user to a malicious website. This vulnerability, known as an open redirect attack, is used in phishing attacks to persuade users to visit malicious sites. | |||||
| CVE-2021-41826 | 1 Place | 1 Placeos Authentication | 2021-10-07 | 5.8 MEDIUM | 6.1 MEDIUM |
| PlaceOS Authentication Service before 1.29.10.0 allows app/controllers/auth/sessions_controller.rb open redirect. | |||||
| CVE-2021-25737 | 1 Kubernetes | 1 Kubernetes | 2021-10-07 | 4.9 MEDIUM | 4.8 MEDIUM |
| A security issue was discovered in Kubernetes where a user may be able to redirect pod traffic to private networks on a Node. Kubernetes already prevents creation of Endpoint IPs in the localhost or link-local range, but the same validation was not performed on EndpointSlice IPs. | |||||
| CVE-2021-35205 | 1 Netscout | 1 Ngeniusone | 2021-10-04 | 4.9 MEDIUM | 5.4 MEDIUM |
| NETSCOUT Systems nGeniusONE version 6.3.0 build 1196 allows URL redirection in redirector. | |||||
| CVE-2021-23052 | 1 F5 | 1 Big-ip Access Policy Manager | 2021-09-27 | 5.8 MEDIUM | 6.1 MEDIUM |
| On version 14.1.x before 14.1.4.4 and all versions of 13.1.x, an open redirect vulnerability exists on virtual servers enabled with a BIG-IP APM access policy. This vulnerability allows an unauthenticated malicious user to build an open redirect URI. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | |||||
| CVE-2021-23435 | 1 Thoughtbot | 1 Clearance | 2021-09-23 | 5.8 MEDIUM | 6.1 MEDIUM |
| This affects the package clearance before 2.5.0. The vulnerability can be possible when users are able to set the value of session[:return_to]. If the value used for return_to contains multiple leading slashes (/////example.com) the user ends up being redirected to the external domain that comes after the slashes (http://example.com). | |||||
| CVE-2021-22526 | 1 Microfocus | 1 Access Manager | 2021-09-22 | 5.8 MEDIUM | 6.1 MEDIUM |
| Open Redirection vulnerability in NetIQ Access Manager prior to 5.0.1 and 4.5.4 | |||||
| CVE-2021-32806 | 1 Plone | 1 Isurlinportal | 2021-09-20 | 5.8 MEDIUM | 6.1 MEDIUM |
| Products.isurlinportal is a replacement for isURLInPortal method in Plone. Versions of Products.isurlinportal prior to 1.2.0 have an Open Redirect vulnerability. Various parts of Plone use the 'is url in portal' check for security, mostly to see if it is safe to redirect to a url. A url like `https://example.org` is not in the portal. The url `https:example.org` without slashes is considered to be in the portal. When redirecting, some browsers go to `https://example.org`, others give an error. Attackers may use this to redirect victims to their site, especially as part of a phishing attack. The problem has been patched in Products.isurlinportal 1.2.0. | |||||
| CVE-2021-37746 | 3 Claws-mail, Fedoraproject, Sylpheed Project | 3 Claws-mail, Fedora, Sylpheed | 2021-09-20 | 5.8 MEDIUM | 6.1 MEDIUM |
| textview_uri_security_check in textview.c in Claws Mail before 3.18.0, and Sylpheed through 3.7.0, does not have sufficient link checks before accepting a click. | |||||
| CVE-2021-32805 | 1 Flask-appbuilder Project | 1 Flask-appbuilder | 2021-09-15 | 5.8 MEDIUM | 6.1 MEDIUM |
| Flask-AppBuilder is an application development framework, built on top of Flask. In affected versions if using Flask-AppBuilder OAuth, an attacker can share a carefully crafted URL with a trusted domain for an application built with Flask-AppBuilder, this URL can redirect a user to a malicious site. This is an open redirect vulnerability. To resolve this issue upgrade to Flask-AppBuilder 3.2.2 or above. If upgrading is infeasible users may filter HTTP traffic containing `?next={next-site}` where the `next-site` domain is different from the application you are protecting as a workaround. | |||||
| CVE-2021-38123 | 1 Microfocus | 1 Network Automation | 2021-09-14 | 5.8 MEDIUM | 6.1 MEDIUM |
| Open Redirect vulnerability in Micro Focus Network Automation, affecting Network Automation versions 10.4x, 10.5x, 2018.05, 2018.11, 2019.05, 2020.02, 2020.08, 2020.11, 2021.05. The vulnerability could allow redirect users to malicious websites after authentication. | |||||
| CVE-2021-39501 | 1 Eyoucms | 1 Eyoucms | 2021-09-10 | 5.8 MEDIUM | 6.1 MEDIUM |
| EyouCMS 1.5.4 is vulnerable to Open Redirect. An attacker can redirect a user to a malicious url via the Logout function. | |||||
| CVE-2018-7473 | 1 Soconnect | 2 Sowifi Hotspot, Sowifi Hotspot Firmware | 2021-09-09 | 5.8 MEDIUM | 6.1 MEDIUM |
| Open redirect vulnerability in the SO Connect SO WIFI hotspot web interface, prior to version 140, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL. | |||||
| CVE-2021-39112 | 1 Atlassian | 2 Data Center, Jira | 2021-08-30 | 4.9 MEDIUM | 4.8 MEDIUM |
| Affected versions of Atlassian Jira Server and Data Center allow remote attackers to redirect users to a malicious URL via a reverse tabnapping vulnerability in the Project Shortcuts feature. The affected versions are before version 8.5.15, from version 8.6.0 before 8.13.7, from version 8.14.0 before 8.17.1, and from version 8.18.0 before 8.18.1. | |||||
| CVE-2015-3190 | 2 Cloudfoundry, Pivotal Software | 3 Cf-release, Cloud Foundry Elastic Runtime, Cloud Foundry Uaa | 2021-08-25 | 5.8 MEDIUM | 6.1 MEDIUM |
| With Cloud Foundry Runtime cf-release versions v209 or earlier, UAA Standalone versions 2.2.6 or earlier and Pivotal Cloud Foundry Runtime 1.4.5 or earlier the UAA logout link is susceptible to an open redirect which allows an attacker to insert malicious web page as a redirect parameter. | |||||
| CVE-2021-37352 | 1 Nagios | 1 Nagios Xi | 2021-08-23 | 5.8 MEDIUM | 6.1 MEDIUM |
| An open redirect vulnerability exists in Nagios XI before version 5.8.5 that could lead to spoofing. To exploit the vulnerability, an attacker could send a link that has a specially crafted URL and convince the user to click the link. | |||||
| CVE-2021-37699 | 1 Vercel | 1 Next.js | 2021-08-20 | 5.8 MEDIUM | 6.1 MEDIUM |
| Next.js is an open source website development framework to be used with the React library. In affected versions specially encoded paths could be used when pages/_error.js was statically generated allowing an open redirect to occur to an external site. In general, this redirect does not directly harm users although can allow for phishing attacks by redirecting to an attacker's domain from a trusted domain. We recommend everyone to upgrade regardless of whether you can reproduce the issue or not. The issue has been patched in release 11.1.0. | |||||
| CVE-2021-22098 | 1 Cloudfoundry | 2 Cf-deployment, User Account And Authentication | 2021-08-19 | 5.8 MEDIUM | 6.1 MEDIUM |
| UAA server versions prior to 75.4.0 are vulnerable to an open redirect vulnerability. A malicious user can exploit the open redirect vulnerability by social engineering leading to take over of victims’ accounts in certain cases along with redirection of UAA users to a malicious sites. | |||||
| CVE-2021-33331 | 1 Liferay | 2 Dxp, Liferay Portal | 2021-08-11 | 5.8 MEDIUM | 6.1 MEDIUM |
| Open redirect vulnerability in the Notifications module in Liferay Portal 7.0.0 through 7.3.1, and Liferay DXP 7.0 before fix pack 94, 7.1 before fix pack 19 and 7.2 before fix pack 8, allows remote attackers to redirect users to arbitrary external URLs via the 'redirect' parameter. | |||||
| CVE-2017-8047 | 2 Cloudfoundry, Pivotal | 2 Cf-release, Routing-release | 2021-08-10 | 5.8 MEDIUM | 6.1 MEDIUM |
| In Cloud Foundry router routing-release all versions prior to v0.163.0 and cf-release all versions prior to v274, in some applications, it is possible to append a combination of characters to the URL that will allow for an open redirect. An attacker could exploit this as a phishing attack to gain access to user credentials or other sensitive data. NOTE: 274 resolves the vulnerability but has a serious bug that is fixed in 275. | |||||
| CVE-2021-21578 | 1 Dell | 1 Emc Idrac9 Firmware | 2021-08-09 | 5.8 MEDIUM | 6.1 MEDIUM |
| Dell EMC iDRAC9 versions prior to 4.40.40.00 contain an open redirect vulnerability. A remote unauthenticated attacker may exploit this vulnerability to redirect users to arbitrary web URLs by tricking the victim users to click on maliciously crafted links. | |||||
| CVE-2021-21579 | 1 Dell | 1 Emc Idrac9 Firmware | 2021-08-09 | 5.8 MEDIUM | 6.1 MEDIUM |
| Dell EMC iDRAC9 versions prior to 4.40.40.00 contain an open redirect vulnerability. A remote unauthenticated attacker may exploit this vulnerability to redirect users to arbitrary web URLs by tricking the victim users to click on maliciously crafted links. | |||||
| CVE-2020-5329 | 1 Dell | 1 Emc Avamar Server | 2021-08-06 | 5.8 MEDIUM | 6.1 MEDIUM |
| Dell EMC Avamar Server contains an open redirect vulnerability. A remote unauthenticated attacker may exploit this vulnerability to redirect application users to arbitrary web URLs by tricking the victim users to click on maliciously crafted links. | |||||
| CVE-2016-6636 | 2 Cloudfoundry, Pivotal Software | 5 Cloud Foundry Uaa Bosh, Cloud Foundry, Cloud Foundry Elastic Runtime and 2 more | 2021-08-06 | 5.0 MEDIUM | 5.3 MEDIUM |
| The OAuth authorization implementation in Pivotal Cloud Foundry (PCF) before 242; UAA 2.x before 2.7.4.7, 3.x before 3.3.0.5, and 3.4.x before 3.4.4; UAA BOSH before 11.5 and 12.x before 12.5; Elastic Runtime before 1.6.40, 1.7.x before 1.7.21, and 1.8.x before 1.8.1; and Ops Manager 1.7.x before 1.7.13 and 1.8.x before 1.8.1 mishandles redirect_uri subdomains, which allows remote attackers to obtain implicit access tokens via a modified subdomain. | |||||
| CVE-2021-20789 | 1 Groupsession | 3 Groupsession, Groupsession Bycloud, Groupsession Zion | 2021-08-06 | 5.8 MEDIUM | 6.1 MEDIUM |
| Open redirect vulnerability in GroupSession (GroupSession Free edition from ver2.2.0 to the version prior to ver5.1.0, GroupSession byCloud from ver3.0.3 to the version prior to ver5.1.0, and GroupSession ZION from ver3.0.3 to the version prior to ver5.1.0) allows a remote attacker to redirect a user to an arbitrary web site and conduct a phishing attack via a specially crafted URL. | |||||
| CVE-2021-3664 | 1 Url-parse Project | 1 Url-parse | 2021-08-05 | 5.0 MEDIUM | 5.3 MEDIUM |
| url-parse is vulnerable to URL Redirection to Untrusted Site | |||||
| CVE-2021-3647 | 1 Uri.js Project | 1 Uri.js | 2021-07-28 | 5.8 MEDIUM | 6.1 MEDIUM |
| URI.js is vulnerable to URL Redirection to Untrusted Site | |||||
| CVE-2020-15129 | 1 Traefik | 1 Traefik | 2021-07-28 | 4.0 MEDIUM | 4.7 MEDIUM |
| In Traefik before versions 1.7.26, 2.2.8, and 2.3.0-rc3, there exists a potential open redirect vulnerability in Traefik's handling of the "X-Forwarded-Prefix" header. The Traefik API dashboard component doesn't validate that the value of the header "X-Forwarded-Prefix" is a site relative path and will redirect to any header provided URI. Successful exploitation of an open redirect can be used to entice victims to disclose sensitive information. Active Exploitation of this issue is unlikely as it would require active header injection, however the Traefik team addressed this issue nonetheless to prevent abuse in e.g. cache poisoning scenarios. | |||||
| CVE-2021-35966 | 1 Learningdigital | 1 Orca Hcm | 2021-07-28 | 5.8 MEDIUM | 6.1 MEDIUM |
| The specific function of the Orca HCM digital learning platform does not filter input parameters properly, which causing the URL can be redirected to any website. Remote attackers can use the vulnerability to execute phishing attacks. | |||||
| CVE-2021-35037 | 1 Jamf | 1 Jamf | 2021-07-22 | 5.8 MEDIUM | 6.1 MEDIUM |
| Jamf Pro before 10.30.1 allows for an unvalidated URL redirect vulnerability affecting Jamf Pro customers who host their environments on-premises. An attacker may craft a URL that appears to be for a customer's Jamf Pro instance, but when clicked will forward a user to an arbitrary URL that may be malicious. This is tracked via Jamf with the following ID: PI-009822 | |||||