Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2019-5915

Summary
Assigner-jpcert
Assigner Org ID-ede6fdc4-6654-4307-a26d-3331c018e2ce
Published At-13 Feb, 2019 | 18:00
Updated At-04 Aug, 2024 | 20:09
Rejected At-
Credits

Open redirect vulnerability in OpenAM (Open Source Edition) 13.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a specially crafted page.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:jpcert
Assigner Org ID:ede6fdc4-6654-4307-a26d-3331c018e2ce
Published At:13 Feb, 2019 | 18:00
Updated At:04 Aug, 2024 | 20:09
Rejected At:
▼CVE Numbering Authority (CNA)

Open redirect vulnerability in OpenAM (Open Source Edition) 13.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a specially crafted page.

Affected Products
Vendor
OpenAM Consortium
Product
OpenAM (Open Source Edition)
Versions
Affected
  • 13
Problem Types
TypeCWE IDDescription
textN/AOpen Redirect
Type: text
CWE ID: N/A
Description: Open Redirect
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://www.cs.themistruct.com/
x_refsource_MISC
http://jvn.jp/en/jp/JVN43193964/index.html
third-party-advisory
x_refsource_JVN
https://www.osstech.co.jp/support/am2019-1-1
x_refsource_MISC
Hyperlink: https://www.cs.themistruct.com/
Resource:
x_refsource_MISC
Hyperlink: http://jvn.jp/en/jp/JVN43193964/index.html
Resource:
third-party-advisory
x_refsource_JVN
Hyperlink: https://www.osstech.co.jp/support/am2019-1-1
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://www.cs.themistruct.com/
x_refsource_MISC
x_transferred
http://jvn.jp/en/jp/JVN43193964/index.html
third-party-advisory
x_refsource_JVN
x_transferred
https://www.osstech.co.jp/support/am2019-1-1
x_refsource_MISC
x_transferred
Hyperlink: https://www.cs.themistruct.com/
Resource:
x_refsource_MISC
x_transferred
Hyperlink: http://jvn.jp/en/jp/JVN43193964/index.html
Resource:
third-party-advisory
x_refsource_JVN
x_transferred
Hyperlink: https://www.osstech.co.jp/support/am2019-1-1
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:vultures@jpcert.or.jp
Published At:13 Feb, 2019 | 18:29
Updated At:14 Feb, 2019 | 15:18

Open redirect vulnerability in OpenAM (Open Source Edition) 13.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a specially crafted page.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.06.1MEDIUM
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Primary2.05.8MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:N
Type: Primary
Version: 3.0
Base score: 6.1
Base severity: MEDIUM
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Type: Primary
Version: 2.0
Base score: 5.8
Base severity: MEDIUM
Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:N
CPE Matches

osstech
osstech
>>openam>>Versions from 13.0(inclusive) to 13.0.0-137(inclusive)
cpe:2.3:a:osstech:openam:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-601Primarynvd@nist.gov
CWE ID: CWE-601
Type: Primary
Source: nvd@nist.gov
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
http://jvn.jp/en/jp/JVN43193964/index.htmlvultures@jpcert.or.jp
Patch
Third Party Advisory
https://www.cs.themistruct.com/vultures@jpcert.or.jp
Permissions Required
Third Party Advisory
https://www.osstech.co.jp/support/am2019-1-1vultures@jpcert.or.jp
Patch
Vendor Advisory
Hyperlink: http://jvn.jp/en/jp/JVN43193964/index.html
Source: vultures@jpcert.or.jp
Resource:
Patch
Third Party Advisory
Hyperlink: https://www.cs.themistruct.com/
Source: vultures@jpcert.or.jp
Resource:
Permissions Required
Third Party Advisory
Hyperlink: https://www.osstech.co.jp/support/am2019-1-1
Source: vultures@jpcert.or.jp
Resource:
Patch
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

536Records found

CVE-2022-31735
Matching Score-6
Assigner-JPCERT/CC
ShareView Details
Matching Score-6
Assigner-JPCERT/CC
CVSS Score-6.1||MEDIUM
EPSS-0.44% / 35.19%
||
7 Day CHG~0.00%
Published-15 Sep, 2022 | 04:25
Updated-03 Aug, 2024 | 07:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

OpenAM Consortium Edition version 14.0.0 provided by OpenAM Consortium contains an open redirect vulnerability (CWE-601). When accessing an affected server through some specially crafted URL, the user may be redirected to an arbitrary website.

Action-Not Available
Vendor-osstechOpenAM consortium
Product-openamOpenAM (OpenAM Consortium Edition)
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2014-2213
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-1.44% / 70.02%
||
7 Day CHG~0.00%
Published-22 Nov, 2019 | 18:39
Updated-06 Aug, 2024 | 10:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Open redirect vulnerability in the password reset functionality in POSH 3.0 through 3.2.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirect parameter to portal/scr_sendmd5.php.

Action-Not Available
Vendor-posh_projectn/a
Product-poshn/a
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2019-17151
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-4.3||MEDIUM
EPSS-1.37% / 68.69%
||
7 Day CHG~0.00%
Published-07 Jan, 2020 | 23:05
Updated-05 Aug, 2024 | 01:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows remote attackers redirect users to an external resource on affected installations of Tencent WeChat Prior to 7.0.9. User interaction is required to exploit this vulnerability in that the target must be within a chat session together with the attacker. The specific flaw exists within the parsing of a users profile. The issue lies in the failure to properly validate a users name. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-9302.

Action-Not Available
Vendor-tencentTencent
Product-wechatWeChat
CWE ID-CWE-356
Product UI does not Warn User of Unsafe Actions
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2019-16393
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-1.10% / 61.64%
||
7 Day CHG~0.00%
Published-17 Sep, 2019 | 20:48
Updated-05 Aug, 2024 | 01:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SPIP before 3.1.11 and 3.2 before 3.2.5 mishandles redirect URLs in ecrire/inc/headers.php with a %0D, %0A, or %20 character.

Action-Not Available
Vendor-spipn/aCanonical Ltd.Debian GNU/Linux
Product-ubuntu_linuxdebian_linuxspipn/a
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2020-26215
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-4.4||MEDIUM
EPSS-1.21% / 64.81%
||
7 Day CHG~0.00%
Published-18 Nov, 2020 | 21:20
Updated-04 Aug, 2024 | 15:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Open redirect in Jupyter Notebook

Jupyter Notebook before version 6.1.5 has an Open redirect vulnerability. A maliciously crafted link to a notebook server could redirect the browser to a different website. All notebook servers are technically affected, however, these maliciously crafted links can only be reasonably made for known notebook server hosts. A link to your notebook server may appear safe, but ultimately redirect to a spoofed server on the public internet. The issue is patched in version 6.1.5.

Action-Not Available
Vendor-jupyterjupyterDebian GNU/Linux
Product-debian_linuxnotebooknotebook
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2020-26219
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-4.7||MEDIUM
EPSS-0.61% / 44.78%
||
7 Day CHG~0.00%
Published-11 Nov, 2020 | 22:05
Updated-04 Aug, 2024 | 15:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Open Redirect in touchbase.ai

touchbase.ai before version 2.0 is vulnerable to Open Redirect. Impacts can be many, and vary from theft of information and credentials, to the redirection to malicious websites containing attacker-controlled content, which in some cases even cause XSS attacks. So even though an open redirection might sound harmless at first, the impacts of it can be severe should it be exploitable. The issue is fixed in version 2.0.

Action-Not Available
Vendor-touchbase.ai_projectpuncsky
Product-touchbase.aitouchbase.ai
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2020-24598
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-1.16% / 63.21%
||
7 Day CHG~0.00%
Published-26 Aug, 2020 | 21:27
Updated-04 Aug, 2024 | 15:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Joomla! before 3.9.21. Lack of input validation in the vote feature of com_content leads to an open redirect.

Action-Not Available
Vendor-n/aJoomla!
Product-joomla\!n/a
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2013-2764
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.92% / 55.76%
||
7 Day CHG~0.00%
Published-28 Jan, 2020 | 19:58
Updated-06 Aug, 2024 | 15:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Secure Entry Server before 4.7.0 contains a URI Redirection vulnerability which could allow remote attackers to conduct phishing attacks due to HSP_AbsoluteRedirects being disabled by default.

Action-Not Available
Vendor-united-security-providersn/a
Product-secure_entry_servern/a
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2013-2621
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-10.69% / 95.27%
||
7 Day CHG~0.00%
Published-03 Feb, 2020 | 14:15
Updated-06 Aug, 2024 | 15:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Open Redirection Vulnerability in the redir.php script in Telaen before 1.3.1 allows remote attackers to redirect victims to arbitrary websites via a crafted URL.

Action-Not Available
Vendor-telaen_projectn/a
Product-telaenn/a
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2017-2497
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-6.1||MEDIUM
EPSS-0.85% / 53.82%
||
7 Day CHG~0.00%
Published-22 May, 2017 | 04:54
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. The issue involves the "iBooks" component. It allows remote attackers to trigger visits to arbitrary URLs via a crafted book.

Action-Not Available
Vendor-n/aApple Inc.
Product-iphone_osmac_os_xn/a
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2020-21998
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-1.32% / 67.36%
||
7 Day CHG~0.00%
Published-27 Apr, 2021 | 17:46
Updated-04 Aug, 2024 | 14:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In HomeAutomation 3.3.2 input passed via the 'redirect' GET parameter in 'api.php' script is not properly verified before being used to redirect users. This can be exploited to redirect a user to an arbitrary website e.g. when a user clicks a specially crafted link to the affected script hosted on a trusted domain.

Action-Not Available
Vendor-homeautomation_projectn/a
Product-homeautomationn/a
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2013-0594
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-6.1||MEDIUM
EPSS-1.25% / 65.78%
||
7 Day CHG~0.00%
Published-11 Jul, 2018 | 16:00
Updated-06 Aug, 2024 | 14:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Open redirect vulnerability in IBM iNotes before 8.5.3 Fix Pack 6 and 9.x before 9.0.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. IBM X-Force ID: 83383.

Action-Not Available
Vendor-n/aIBM Corporation
Product-inotesn/a
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2020-1723
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-6.1||MEDIUM
EPSS-1.00% / 58.55%
||
7 Day CHG~0.00%
Published-28 Jan, 2021 | 19:07
Updated-04 Aug, 2024 | 06:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in Keycloak Gatekeeper (Louketo). The logout endpoint can be abused to redirect logged-in users to arbitrary web pages. Affected versions of Keycloak Gatekeeper (Louketo): 6.0.1, 7.0.0

Action-Not Available
Vendor-keycloak_gatekeeper_projectLouketoRed Hat, Inc.
Product-mobile_application_platformkeycloak_gatekeeperKeycloak Gatekeeper
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2022-41207
Matching Score-4
Assigner-SAP SE
ShareView Details
Matching Score-4
Assigner-SAP SE
CVSS Score-6.1||MEDIUM
EPSS-0.37% / 29.37%
||
7 Day CHG~0.00%
Published-08 Nov, 2022 | 00:00
Updated-01 May, 2025 | 14:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SAP Biller Direct allows an unauthenticated attacker to craft a legitimate looking URL. When clicked by an unsuspecting victim, it will use an unsensitized parameter to redirect the victim to a malicious site of the attacker's choosing which can result in disclosure or modification of the victim's information.

Action-Not Available
Vendor-SAP SE
Product-biller_directSAP Biller Direct
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2022-29214
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-6.1||MEDIUM
EPSS-0.61% / 44.95%
||
7 Day CHG~0.00%
Published-20 May, 2022 | 23:45
Updated-23 Apr, 2025 | 18:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
URL Redirection to Untrusted Site ('Open Redirect') in next-auth

NextAuth.js (next-auth) is am open source authentication solution for Next.js applications. Prior to versions 3.29.3 and 4.3.3, an open redirect vulnerability is present when the developer is implementing an OAuth 1 provider. Versions 3.29.3 and 4.3.3 contain a patch for this issue. The maintainers recommend adding a certain configuration to one's `callbacks` option as a workaround for those unable to upgrade.

Action-Not Available
Vendor-nextauth.jsnextauthjs
Product-next-authnext-auth
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2020-15242
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-4.7||MEDIUM
EPSS-0.77% / 51.19%
||
7 Day CHG+0.01%
Published-08 Oct, 2020 | 19:50
Updated-04 Aug, 2024 | 13:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Open Redirect in Next.js

Next.js versions >=9.5.0 and <9.5.4 are vulnerable to an Open Redirect. Specially encoded paths could be used with the trailing slash redirect to allow an open redirect to occur to an external site. In general, this redirect does not directly harm users although can allow for phishing attacks by redirecting to an attackers domain from a trusted domain. The issue is fixed in version 9.5.4.

Action-Not Available
Vendor-vercelvercel
Product-next.jsnext.js
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2020-12666
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-1.38% / 68.70%
||
7 Day CHG~0.00%
Published-05 May, 2020 | 21:06
Updated-04 Aug, 2024 | 12:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

macaron before 1.3.7 has an open redirect in the static handler, as demonstrated by the http://127.0.0.1:4000//example.com/ URL.

Action-Not Available
Vendor-go-macaronn/aFedora Project
Product-macaronfedoran/a
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2020-13486
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.68% / 47.90%
||
7 Day CHG~0.00%
Published-25 May, 2020 | 22:38
Updated-04 Aug, 2024 | 12:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Knock Knock plugin before 1.2.8 for Craft CMS allows malicious redirection.

Action-Not Available
Vendor-verbbn/a
Product-knock_knockn/a
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2020-11664
Matching Score-4
Assigner-CA Technologies - A Broadcom Company
ShareView Details
Matching Score-4
Assigner-CA Technologies - A Broadcom Company
CVSS Score-6.1||MEDIUM
EPSS-1.35% / 68.17%
||
7 Day CHG~0.00%
Published-15 Apr, 2020 | 19:02
Updated-04 Aug, 2024 | 11:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CA API Developer Portal 4.3.1 and earlier handles homeRedirect page redirects in an insecure manner, which allows attackers to perform open redirect attacks.

Action-Not Available
Vendor-n/aBroadcom Inc.
Product-ca_api_developer_portalCA API Developer Portal
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2020-11665
Matching Score-4
Assigner-CA Technologies - A Broadcom Company
ShareView Details
Matching Score-4
Assigner-CA Technologies - A Broadcom Company
CVSS Score-6.1||MEDIUM
EPSS-1.57% / 72.35%
||
7 Day CHG~0.00%
Published-15 Apr, 2020 | 19:03
Updated-04 Aug, 2024 | 11:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CA API Developer Portal 4.3.1 and earlier handles loginRedirect page redirects in an insecure manner, which allows attackers to perform open redirect attacks.

Action-Not Available
Vendor-n/aBroadcom Inc.
Product-ca_api_developer_portalCA API Developer Portal
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2020-11529
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-10.88% / 95.32%
||
7 Day CHG~0.00%
Published-04 Apr, 2020 | 18:17
Updated-04 Aug, 2024 | 11:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Common/Grav.php in Grav before 1.7 has an Open Redirect. This is partially fixed in 1.6.23 and still present in 1.6.x.

Action-Not Available
Vendor-getgravn/a
Product-gravn/a
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2018-10651
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.73% / 49.57%
||
7 Day CHG~0.00%
Published-23 May, 2018 | 17:00
Updated-05 Aug, 2024 | 07:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There are Open Redirect Vulnerabilities in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3.

Action-Not Available
Vendor-n/aCitrix (Cloud Software Group, Inc.)
Product-xenmobile_servern/a
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2024-9308
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-6.1||MEDIUM
EPSS-0.49% / 38.52%
||
7 Day CHG~0.00%
Published-20 Mar, 2025 | 10:10
Updated-15 Jul, 2025 | 15:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Open Redirect in haotian-liu/llava

An open redirect vulnerability in haotian-liu/llava version v1.2.0 (LLaVA-1.6) allows a remote unauthenticated attacker to redirect users to arbitrary websites via a specially crafted URL. This can be exploited for phishing attacks, malware distribution, and credential theft.

Action-Not Available
Vendor-hliuhaotian-liu
Product-llavahaotian-liu/llava
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2019-9837
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-1.35% / 68.09%
||
7 Day CHG~0.00%
Published-15 Mar, 2019 | 23:00
Updated-04 Aug, 2024 | 22:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Doorkeeper::OpenidConnect (aka the OpenID Connect extension for Doorkeeper) 1.4.x and 1.5.x before 1.5.4 has an open redirect via the redirect_uri field in an OAuth authorization request (that results in an error response) with the 'openid' scope and a prompt=none value. This allows phishing attacks against the authorization flow.

Action-Not Available
Vendor-openidn/a
Product-openid_connectn/a
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2021-32618
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-3.1||LOW
EPSS-3.29% / 86.98%
||
7 Day CHG~0.00%
Published-17 May, 2021 | 18:05
Updated-03 Aug, 2024 | 23:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Open Redirect Vulnerability

The Python "Flask-Security-Too" package is used for adding security features to your Flask application. It is an is an independently maintained version of Flask-Security based on the 3.0.0 version of Flask-Security. All versions of Flask-Security-Too allow redirects after many successful views (e.g. /login) by honoring the ?next query param. There is code in FS to validate that the url specified in the next parameter is either relative OR has the same netloc (network location) as the requesting URL. This check utilizes Pythons urlsplit library. However many browsers are very lenient on the kind of URL they accept and 'fill in the blanks' when presented with a possibly incomplete URL. As a concrete example - setting http://login?next=\\\github.com will pass FS's relative URL check however many browsers will gladly convert this to http://github.com. Thus an attacker could send such a link to an unwitting user, using a legitimate site and have it redirect to whatever site they want. This is considered a low severity due to the fact that if Werkzeug is used (which is very common with Flask applications) as the WSGI layer, it by default ALWAYS ensures that the Location header is absolute - thus making this attack vector mute. It is possible for application writers to modify this default behavior by setting the 'autocorrect_location_header=False`.

Action-Not Available
Vendor-flask-security_projectFlask-Middleware
Product-flask-securityflask-security
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2019-16220
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-2.55% / 83.12%
||
7 Day CHG~0.00%
Published-11 Sep, 2019 | 13:06
Updated-21 Aug, 2024 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In WordPress before 5.2.3, validation and sanitization of a URL in wp_validate_redirect in wp-includes/pluggable.php could lead to an open redirect if a provided URL path does not start with a forward slash.

Action-Not Available
Vendor-n/aDebian GNU/LinuxWordPress.org
Product-wordpressdebian_linuxn/a
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2019-9915
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-3.63% / 88.13%
||
7 Day CHG~0.00%
Published-21 Mar, 2019 | 23:03
Updated-04 Aug, 2024 | 22:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

GetSimpleCMS 3.3.13 has an Open Redirect via the admin/index.php redirect parameter.

Action-Not Available
Vendor-get-simple.n/a
Product-getsimplecmsn/a
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2019-15073
Matching Score-4
Assigner-TWCERT/CC
ShareView Details
Matching Score-4
Assigner-TWCERT/CC
CVSS Score-6.1||MEDIUM
EPSS-1.13% / 62.36%
||
7 Day CHG~0.00%
Published-20 Nov, 2019 | 04:16
Updated-17 Sep, 2024 | 03:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Openfind MAIL2000 Webmail Pre-Auth Open Redirect

An Open Redirect vulnerability for all browsers in MAIL2000 through version 6.0 and 7.0, which will redirect to a malicious site without authentication. This vulnerability affects many mail system of governments, organizations, companies and universities.

Action-Not Available
Vendor-openfindOpenfind
Product-mail2000MAIL2000
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2021-23052
Matching Score-4
Assigner-F5, Inc.
ShareView Details
Matching Score-4
Assigner-F5, Inc.
CVSS Score-6.1||MEDIUM
EPSS-0.56% / 42.67%
||
7 Day CHG~0.00%
Published-14 Sep, 2021 | 12:18
Updated-03 Aug, 2024 | 18:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

On version 14.1.x before 14.1.4.4 and all versions of 13.1.x, an open redirect vulnerability exists on virtual servers enabled with a BIG-IP APM access policy. This vulnerability allows an unauthenticated malicious user to build an open redirect URI. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Action-Not Available
Vendor-n/aF5, Inc.
Product-big-ip_access_policy_managerBIG-IP APM
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2022-32444
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-2.25% / 80.74%
||
7 Day CHG~0.00%
Published-17 Jun, 2022 | 15:15
Updated-03 Aug, 2024 | 07:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in u5cms verion 8.3.5 There is a URL redirection vulnerability that can cause a user's browser to be redirected to another site via /loginsave.php.

Action-Not Available
Vendor-yuban/a
Product-u5cmsn/a
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2022-33146
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-6.1||MEDIUM
EPSS-1.44% / 70.03%
||
7 Day CHG~0.00%
Published-27 Jun, 2022 | 00:20
Updated-03 Aug, 2024 | 08:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Open redirect vulnerability in web2py versions prior to 2.22.5 allows a remote attacker to redirect a user to an arbitrary web site and conduct a phishing attack by having a user to access a specially crafted URL.

Action-Not Available
Vendor-web2pyweb2py
Product-web2pyweb2py
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2011-1594
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-6.5||MEDIUM
EPSS-1.47% / 70.56%
||
7 Day CHG~0.00%
Published-05 Feb, 2014 | 18:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Spacewalk: spacewalk: open redirect vulnerability enables phishing attacks via url parameter

A flaw was found in Spacewalk, as used in Red Hat Network Satellite. This open redirect vulnerability allows remote attackers to redirect users to arbitrary web sites by manipulating a URL in the url_bounce parameter. This can enable attackers to conduct phishing attacks, potentially leading to unauthorized information disclosure or credential theft.

Action-Not Available
Vendor-Red Hat, Inc.
Product-network_satellitespacewalkRed Hat Enterprise Linux 7Red Hat Enterprise Linux 6
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2019-15771
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-1.34% / 67.88%
||
7 Day CHG~0.00%
Published-29 Aug, 2019 | 12:37
Updated-05 Aug, 2024 | 00:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The nd-shortcodes plugin before 6.0 for WordPress has a nopriv_ AJAX action that allows modification of the siteurl setting.

Action-Not Available
Vendor-components_for_wp_bakery_page_builder_projectn/a
Product-components_for_wp_bakery_page_buildern/a
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2022-30992
Matching Score-4
Assigner-Acronis International GmbH
ShareView Details
Matching Score-4
Assigner-Acronis International GmbH
CVSS Score-6.1||MEDIUM
EPSS-0.51% / 39.99%
||
7 Day CHG~0.00%
Published-18 May, 2022 | 19:42
Updated-16 Sep, 2024 | 19:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Open redirect via user-controlled query parameter

Open redirect via user-controlled query parameter. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 29240

Action-Not Available
Vendor-Acronis (Acronis International GmbH)Linux Kernel Organization, IncMicrosoft Corporation
Product-cyber_protectwindowslinux_kernelAcronis Cyber Protect 15
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2019-15688
Matching Score-4
Assigner-Kaspersky
ShareView Details
Matching Score-4
Assigner-Kaspersky
CVSS Score-6.1||MEDIUM
EPSS-2.22% / 80.49%
||
7 Day CHG~0.00%
Published-26 Nov, 2019 | 15:32
Updated-05 Aug, 2024 | 00:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Free Anti-Virus, Kaspersky Small Office Security, Kaspersky Security Cloud up to 2020, the web protection component did not adequately inform the user about the threat of redirecting to an untrusted site. Bypass.

Action-Not Available
Vendor-Kaspersky Lab
Product-internet_securitysmall_office_securitysecurity_cloudanti-virustotal_securityKaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Free Anti-Virus, Kaspersky Small Office Security, Kaspersky Security Cloud
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2022-31040
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.1||HIGH
EPSS-0.67% / 47.32%
||
7 Day CHG+0.02%
Published-13 Jun, 2022 | 12:10
Updated-23 Apr, 2025 | 18:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Open Redirect in open-forms

Open Forms is an application for creating and publishing smart forms. Prior to versions 1.0.9 and 1.1.1, the cookie consent page in Open Forms contains an open redirect by injecting a `referer` querystring parameter and failing to validate the value. A malicious actor is able to redirect users to a website under their control, opening them up for phishing attacks. The redirect is initiated by the open forms backend which is a legimate page, making it less obvious to end users they are being redirected to a malicious website. Versions 1.0.9 and 1.1.1 contain patches for this issue. There are no known workarounds avaialble.

Action-Not Available
Vendor-maykinmediaopen-formulieren
Product-open_formsopen-forms
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2019-15773
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-1.34% / 67.96%
||
7 Day CHG~0.00%
Published-29 Aug, 2019 | 11:30
Updated-05 Aug, 2024 | 00:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The nd-travel plugin before 1.7 for WordPress has a nopriv_ AJAX action that allows modification of the siteurl setting.

Action-Not Available
Vendor-travel_management_projectn/a
Product-travel_managementn/a
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2022-29718
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.98% / 58.00%
||
7 Day CHG~0.00%
Published-02 Jun, 2022 | 00:00
Updated-03 Aug, 2024 | 06:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Caddy v2.4 was discovered to contain an open redirect vulnerability. A remote unauthenticated attacker may exploit this vulnerability to redirect users to arbitrary web URLs by tricking the victim users to click on crafted links.

Action-Not Available
Vendor-caddyservern/a
Product-caddyn/a
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2019-15041
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-1.05% / 60.03%
||
7 Day CHG~0.00%
Published-01 Oct, 2019 | 19:35
Updated-05 Aug, 2024 | 00:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

JetBrains YouTrack versions before 2019.1.52545 allowed unbounded URL whitelisting because of Inclusion of Functionality from an Untrusted Control Sphere.

Action-Not Available
Vendor-n/aJetBrains s.r.o.
Product-youtrackn/a
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2019-7275
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-9.09% / 94.67%
||
7 Day CHG~0.00%
Published-01 Jul, 2019 | 19:59
Updated-04 Aug, 2024 | 20:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Optergy Proton/Enterprise devices allow Open Redirect.

Action-Not Available
Vendor-optergyn/a
Product-protonenterprisen/a
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2010-4266
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-6.1||MEDIUM
EPSS-0.58% / 43.54%
||
7 Day CHG~0.00%
Published-22 Jun, 2021 | 13:38
Updated-07 Aug, 2024 | 03:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

It was found in vanilla forums before 2.0.10 a potential linkbait vulnerability in dispatcher.

Action-Not Available
Vendor-vanillaforumsn/a
Product-vanilla_forumsvanilla forums
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2019-6020
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-6.1||MEDIUM
EPSS-0.85% / 53.70%
||
7 Day CHG~0.00%
Published-26 Dec, 2019 | 15:16
Updated-04 Aug, 2024 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Open redirect vulnerability in PowerCMS 5.12 and earlier (PowerCMS 5.x), 4.42 and earlier (PowerCMS 4.x), and 3.293 and earlier (PowerCMS 3.x) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a specially crafted URL.

Action-Not Available
Vendor-Alfasado Inc.
Product-powercmsPowerCMS
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2022-27463
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.61% / 44.87%
||
7 Day CHG~0.00%
Published-05 Apr, 2022 | 15:37
Updated-03 Aug, 2024 | 05:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Open redirect vulnerability in objects/login.json.php in WWBN AVideo through 11.6, allows attackers to arbitrarily redirect users from a crafted url to the login page.

Action-Not Available
Vendor-wwbnn/a
Product-avideon/a
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2022-27256
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-1.47% / 70.49%
||
7 Day CHG+0.04%
Published-13 Apr, 2022 | 13:35
Updated-03 Aug, 2024 | 05:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A PHP Local File inclusion vulnerability in the Redbasic theme for Hubzilla before version 7.2 allows remote attackers to include arbitrary php files via the schema parameter.

Action-Not Available
Vendor-hubzillan/a
Product-hubzillan/a
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2017-20119
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-3.5||LOW
EPSS-0.67% / 47.66%
||
7 Day CHG~0.00%
Published-29 Jun, 2022 | 16:15
Updated-15 Apr, 2025 | 14:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TrueConf Server change-lang redirect

A vulnerability classified as problematic has been found in TrueConf Server 4.3.7. This affects an unknown part of the file /admin/general/change-lang. The manipulation of the argument redirect_url leads to open redirect. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-trueconfTrueConf
Product-serverServer
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2022-27461
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.72% / 49.35%
||
7 Day CHG+0.02%
Published-04 May, 2022 | 14:04
Updated-03 Aug, 2024 | 05:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In nopCommerce 4.50.1, an open redirect vulnerability can be triggered by luring a user to authenticate to a nopCommerce page by clicking on a crafted link.

Action-Not Available
Vendor-nopcommercen/a
Product-nopcommercen/a
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2022-26156
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.71% / 49.12%
||
7 Day CHG+0.02%
Published-28 Feb, 2022 | 15:24
Updated-03 Aug, 2024 | 04:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in the web application in Cherwell Service Management (CSM) 10.2.3. Injection of a malicious payload within the RelayState= parameter of the HTTP request body results in the hijacking of the form action. Form-action hijacking vulnerabilities arise when an application places user-supplied input into the action URL of an HTML form. An attacker can use this vulnerability to construct a URL that, if visited by another application user, will modify the action URL of a form to point to the attacker's server.

Action-Not Available
Vendor-cherwelln/a
Product-cherwell_service_managementn/a
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2022-29272
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-3.86% / 88.90%
||
7 Day CHG~0.00%
Published-29 Jun, 2022 | 00:58
Updated-03 Aug, 2024 | 06:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Nagios XI through 5.8.5, an open redirect vulnerability exists in the login function that could lead to spoofing.

Action-Not Available
Vendor-n/aNagios Enterprises, LLC
Product-nagios_xin/a
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2019-15820
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-1.47% / 70.54%
||
7 Day CHG~0.00%
Published-30 Aug, 2019 | 12:39
Updated-05 Aug, 2024 | 00:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The login-or-logout-menu-item plugin before 1.2.0 for WordPress has no requirement for lolmi_save_settings authentication.

Action-Not Available
Vendor-login_or_logout_menu_item_projectn/a
Product-login_or_logout_menu_itemn/a
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2017-2166
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-6.1||MEDIUM
EPSS-0.78% / 51.55%
||
7 Day CHG~0.00%
Published-26 Jan, 2018 | 16:00
Updated-05 Aug, 2024 | 13:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Open redirect vulnerability in GroupSession version 4.7.0 and earlier allows an attacker to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.

Action-Not Available
Vendor-groupsessionJapan Total System Co.,Ltd.
Product-groupsessionGroupSession
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 10
  • 11
  • Next
Details not found