Total
1257 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-45201 | 1 Projectworlds | 1 Online Examination System | 2024-11-21 | 6.1 Medium |
| Online Examination System v1.0 is vulnerable to multiple Open Redirect vulnerabilities. The 'q' parameter of the admin.php resource allows an attacker to redirect a victim user to an arbitrary web site using a crafted URL. | ||||
| CVE-2023-45105 | 1 Servit | 1 Affiliate-toolkit | 2024-11-21 | 4.7 Medium |
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in SERVIT Software Solutions affiliate-toolkit – WordPress Affiliate Plugin.This issue affects affiliate-toolkit – WordPress Affiliate Plugin: from n/a through 3.3.9. | ||||
| CVE-2023-42502 | 1 Apache | 1 Superset | 2024-11-21 | 4.8 Medium |
| An authenticated attacker with update datasets permission could change a dataset link to an untrusted site by spoofing the HTTP Host header, users could be redirected to this site when clicking on that specific dataset. This issue affects Apache Superset versions before 3.0.0. | ||||
| CVE-2023-41699 | 1 Payara | 1 Payara | 2024-11-21 | 6.1 Medium |
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Payara Platform Payara Server, Micro and Embedded (Servlet Implementation modules) allows Redirect Access to Libraries.This issue affects Payara Server, Micro and Embedded: from 5.0.0 before 5.57.0, from 4.1.2.191 before 4.1.2.191.46, from 6.0.0 before 6.8.0, from 6.2023.1 before 6.2023.11. | ||||
| CVE-2023-41648 | 1 Swapnilpatil | 1 Login And Logout Redirect | 2024-11-21 | 4.7 Medium |
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Swapnil V. Patil Login and Logout Redirect.This issue affects Login and Logout Redirect: from n/a through 2.0.3. | ||||
| CVE-2023-41609 | 1 Couchcms | 1 Couchcms | 2024-11-21 | 6.1 Medium |
| An open redirect vulnerability in the sanitize_url() parameter of CouchCMS v2.3 allows attackers to redirect a victim user to an arbitrary web site via a crafted URL. | ||||
| CVE-2023-40779 | 1 Icewarp | 1 Deep Castle G2 | 2024-11-21 | 6.1 Medium |
| An issue in IceWarp Mail Server Deep Castle 2 v.13.0.1.2 allows a remote attacker to execute arbitrary code via a crafted request to the URL. | ||||
| CVE-2023-40602 | 1 Doofinder | 1 Doofinder | 2024-11-21 | 4.7 Medium |
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Doofinder Doofinder WP & WooCommerce Search.This issue affects Doofinder WP & WooCommerce Search: from n/a through 1.5.49. | ||||
| CVE-2023-40306 | 1 Sap | 1 S\/4hana | 2024-11-21 | 6.1 Medium |
| SAP S/4HANA Manage Catalog Items and Cross-Catalog searches Fiori apps allow an attacker to redirect users to a malicious site due to insufficient URL validation. As a result, it may have a slight impact on confidentiality and integrity. | ||||
| CVE-2023-3568 | 2 Alextselegidis, Fossbilling | 2 Easyappointments, Fossbilling | 2024-11-21 | 6.3 Medium |
| Open Redirect in GitHub repository alextselegidis/easyappointments prior to 1.5.0. | ||||
| CVE-2023-39371 | 1 Startrinity | 1 Softswitch | 2024-11-21 | 8.8 High |
| StarTrinity Softswitch version 2023-02-16 - Open Redirect (CWE-601) | ||||
| CVE-2023-38998 | 1 Opnsense | 1 Opnsense | 2024-11-21 | 6.1 Medium |
| An open redirect in the Login page of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows attackers to redirect a victim user to an arbitrary web site via a crafted URL. | ||||
| CVE-2023-38574 | 1 I-pro | 1 Video Insight | 2024-11-21 | 6.1 Medium |
| Open redirect vulnerability in VI Web Client prior to 7.9.6 allows a remote unauthenticated attacker to redirect users to arbitrary web sites and conduct phishing attacks via a specially crafted URL. | ||||
| CVE-2023-38481 | 1 Crmperks | 1 Integration For Woocommerce And Zoho Crm\, Books\, Invoice\, Inventory\, Bigin | 2024-11-21 | 4.7 Medium |
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in CRM Perks Integration for WooCommerce and Zoho CRM, Books, Invoice, Inventory, Bigin.This issue affects Integration for WooCommerce and Zoho CRM, Books, Invoice, Inventory, Bigin: from n/a before 1.3.7. | ||||
| CVE-2023-38478 | 1 Crmperks | 1 Integration For Woocommerce And Quickbooks | 2024-11-21 | 4.7 Medium |
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in CRM Perks Integration for WooCommerce and QuickBooks.This issue affects Integration for WooCommerce and QuickBooks: from n/a through 1.2.3. | ||||
| CVE-2023-37982 | 1 Crmperks | 1 Integration For Salesforce And Contact Form 7\, Wpforms\, Elementor\, Ninja Forms | 2024-11-21 | 4.7 Medium |
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in CRM Perks Integration for Salesforce and Contact Form 7, WPForms, Elementor, Ninja Forms.This issue affects Integration for Salesforce and Contact Form 7, WPForms, Elementor, Ninja Forms: from n/a through 1.3.3. | ||||
| CVE-2023-37947 | 3 Jenkins, Jenkins Project, Redhat | 3 Openshift Login, Jenkins Openshift Login Plugin, Ocp Tools | 2024-11-21 | 6.1 Medium |
| Jenkins OpenShift Login Plugin 1.1.0.227.v27e08dfb_1a_20 and earlier improperly determines that a redirect URL after login is legitimately pointing to Jenkins, allowing attackers to perform phishing attacks. | ||||
| CVE-2023-37624 | 1 Netdisco | 1 Netdisco | 2024-11-21 | 6.1 Medium |
| Netdisco before v2.063000 was discovered to contain an open redirect vulnerability. An attacker may exploit this vulnerability to redirect users to arbitrary web URLs by tricking the victim users to click on crafted links. | ||||
| CVE-2023-37561 | 1 Elecom | 8 Wrh-300wh-h, Wrh-300wh-h Firmware, Wtc-300hwh and 5 more | 2024-11-21 | 6.1 Medium |
| Open redirect vulnerability in ELECOM wireless LAN routers and ELECOM wireless LAN repeaters allows a remote unauthenticated attacker to redirect users to arbitrary web sites and conduct phishing attacks via a specially crafted URL. Affected products and versions are as follows: WRH-300WH-H v2.12 and earlier, WTC-300HWH v1.09 and earlier, WTC-C1167GC-B v1.17 and earlier, and WTC-C1167GC-W v1.17 and earlier. | ||||
| CVE-2023-36085 | 1 Sisqualwfm | 1 Sisqualwfm | 2024-11-21 | 6.1 Medium |
| The sisqualWFM 7.1.319.103 thru 7.1.319.111 for Android, has a host header injection vulnerability in its "/sisqualIdentityServer/core/" endpoint. By modifying the HTTP Host header, an attacker can change webpage links and even redirect users to arbitrary or malicious locations. This can lead to phishing attacks, malware distribution, and unauthorized access to sensitive resources. | ||||