Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-8586

Summary
Assigner-twcert
Assigner Org ID-cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e
Published At-09 Sep, 2024 | 03:07
Updated At-09 Sep, 2024 | 13:36
Rejected At-
Credits

Uniong WebITR - Open Redirect

WebITR from Uniong has an Open Redirect vulnerability, which allows unauthorized remote attackers to exploit this vulnerability to forge URLs. Users, believing they are accessing a trusted domain, can be redirected to another page, potentially leading to phishing attacks.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:twcert
Assigner Org ID:cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e
Published At:09 Sep, 2024 | 03:07
Updated At:09 Sep, 2024 | 13:36
Rejected At:
▼CVE Numbering Authority (CNA)
Uniong WebITR - Open Redirect

WebITR from Uniong has an Open Redirect vulnerability, which allows unauthorized remote attackers to exploit this vulnerability to forge URLs. Users, believing they are accessing a trusted domain, can be redirected to another page, potentially leading to phishing attacks.

Affected Products
Vendor
Uniong
Product
WebITR
Default Status
unaffected
Versions
Affected
  • From 0 through 2_1_0_27 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-601CWE-601 URL Redirection to Untrusted Site ('Open Redirect')
Type: CWE
CWE ID: CWE-601
Description: CWE-601 URL Redirection to Untrusted Site ('Open Redirect')
Metrics
VersionBase scoreBase severityVector
3.16.1MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Version: 3.1
Base score: 6.1
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-98CAPEC-98 Phishing
CAPEC ID: CAPEC-98
Description: CAPEC-98 Phishing
Solutions

Update to version 2_1_0_28 or later.

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://www.twcert.org.tw/tw/cp-132-8043-cc323-1.html
third-party-advisory
https://www.twcert.org.tw/en/cp-139-8044-65b84-2.html
third-party-advisory
Hyperlink: https://www.twcert.org.tw/tw/cp-132-8043-cc323-1.html
Resource:
third-party-advisory
Hyperlink: https://www.twcert.org.tw/en/cp-139-8044-65b84-2.html
Resource:
third-party-advisory
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:twcert@cert.org.tw
Published At:09 Sep, 2024 | 03:15
Updated At:16 Sep, 2024 | 13:28

WebITR from Uniong has an Open Redirect vulnerability, which allows unauthorized remote attackers to exploit this vulnerability to forge URLs. Users, believing they are accessing a trusted domain, can be redirected to another page, potentially leading to phishing attacks.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.16.1MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Type: Primary
Version: 3.1
Base score: 6.1
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CPE Matches

uniong
uniong
>>webitr>>Versions before 2_1_0_28(exclusive)
cpe:2.3:a:uniong:webitr:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-601Primarytwcert@cert.org.tw
CWE ID: CWE-601
Type: Primary
Source: twcert@cert.org.tw
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://www.twcert.org.tw/en/cp-139-8044-65b84-2.htmltwcert@cert.org.tw
Third Party Advisory
https://www.twcert.org.tw/tw/cp-132-8043-cc323-1.htmltwcert@cert.org.tw
Third Party Advisory
Hyperlink: https://www.twcert.org.tw/en/cp-139-8044-65b84-2.html
Source: twcert@cert.org.tw
Resource:
Third Party Advisory
Hyperlink: https://www.twcert.org.tw/tw/cp-132-8043-cc323-1.html
Source: twcert@cert.org.tw
Resource:
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

793Records found

CVE-2019-7275
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-9.09% / 94.67%
||
7 Day CHG~0.00%
Published-01 Jul, 2019 | 19:59
Updated-04 Aug, 2024 | 20:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Optergy Proton/Enterprise devices allow Open Redirect.

Action-Not Available
Vendor-optergyn/a
Product-protonenterprisen/a
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2022-28977
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.45% / 35.80%
||
7 Day CHG+0.01%
Published-22 Sep, 2022 | 00:02
Updated-27 May, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HtmlUtil.escapeRedirect in Liferay Portal 7.3.1 through 7.4.2, and Liferay DXP 7.0 fix pack 91 through 101, 7.1 fix pack 17 through 25, 7.2 fix pack 5 through 14, and 7.3 before service pack 3 can be circumvented by using multiple forward slashes, which allows remote attackers to redirect users to arbitrary external URLs via the (1) 'redirect` parameter (2) `FORWARD_URL` parameter, and (3) others parameters that rely on HtmlUtil.escapeRedirect.

Action-Not Available
Vendor-n/aLiferay Inc.
Product-dxpliferay_portaldigital_experience_platformn/a
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2024-52003
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-6.3||MEDIUM
EPSS-0.39% / 30.85%
||
7 Day CHG~0.00%
Published-29 Nov, 2024 | 18:15
Updated-25 Nov, 2025 | 13:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
X-Forwarded-Prefix Header still allows for Open Redirect in traefik

Traefik (pronounced traffic) is an HTTP reverse proxy and load balancer. There is a vulnerability in Traefik that allows the client to provide the X-Forwarded-Prefix header from an untrusted source. This issue has been addressed in versions 2.11.14 and 3.2.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Action-Not Available
Vendor-traefiktraefik
Product-traefiktraefik
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2024-52512
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-3.3||LOW
EPSS-0.42% / 33.58%
||
7 Day CHG~0.00%
Published-15 Nov, 2024 | 17:18
Updated-15 Aug, 2025 | 13:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Nextcloud User OIDC has an open redirection when logging in with User OIDC

user_oidc app is an OpenID Connect user backend for Nextcloud. A malicious user could send a malformed login link that would redirect the user to a provided URL after successfully authenticating. It is recommended that the Nextcloud User OIDC app is upgraded to 6.1.0.

Action-Not Available
Vendor-Nextcloud GmbH
Product-user_oidcsecurity-advisories
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2010-4266
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-6.1||MEDIUM
EPSS-0.58% / 43.54%
||
7 Day CHG~0.00%
Published-22 Jun, 2021 | 13:38
Updated-07 Aug, 2024 | 03:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

It was found in vanilla forums before 2.0.10 a potential linkbait vulnerability in dispatcher.

Action-Not Available
Vendor-vanillaforumsn/a
Product-vanilla_forumsvanilla forums
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2022-28755
Matching Score-4
Assigner-Zoom Video Communications, Inc.
ShareView Details
Matching Score-4
Assigner-Zoom Video Communications, Inc.
CVSS Score-9.6||CRITICAL
EPSS-0.73% / 49.64%
||
7 Day CHG~0.00%
Published-11 Aug, 2022 | 14:55
Updated-17 Sep, 2024 | 02:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper URL parsing in Zoom Clients

The Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.11.0 are susceptible to a URL parsing vulnerability. If a malicious Zoom meeting URL is opened, the malicious link may direct the user to connect to an arbitrary network address, leading to additional attacks including the potential for remote code execution through launching executables from arbitrary paths.

Action-Not Available
Vendor-Zoom Communications, Inc.
Product-virtual_desktop_infrastructurezoomZoom VDI Windows Meeting ClientsZoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows)
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2019-6020
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-6.1||MEDIUM
EPSS-0.85% / 53.70%
||
7 Day CHG~0.00%
Published-26 Dec, 2019 | 15:16
Updated-04 Aug, 2024 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Open redirect vulnerability in PowerCMS 5.12 and earlier (PowerCMS 5.x), 4.42 and earlier (PowerCMS 4.x), and 3.293 and earlier (PowerCMS 3.x) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a specially crafted URL.

Action-Not Available
Vendor-Alfasado Inc.
Product-powercmsPowerCMS
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2024-50463
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.7||MEDIUM
EPSS-0.25% / 16.33%
||
7 Day CHG~0.00%
Published-28 Oct, 2024 | 12:33
Updated-12 May, 2026 | 22:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Sunshine Photo Cart plugin <= 3.2.9 - Open Redirection vulnerability

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in sunshinephotocart Sunshine Photo Cart sunshine-photo-cart.This issue affects Sunshine Photo Cart: from n/a through <= 3.2.9.

Action-Not Available
Vendor-sunshinephotocartsunshinephotocart
Product-sunshine_photo_cartSunshine Photo Cart
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2022-2837
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-6.1||MEDIUM
EPSS-0.39% / 30.47%
||
7 Day CHG~0.00%
Published-03 Mar, 2023 | 00:00
Updated-07 Mar, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in coreDNS. This flaw allows a malicious user to redirect traffic intended for external top-level domains (TLD) to a pod they control by creating projects and namespaces that match the TLD.

Action-Not Available
Vendor-coredns.ion/a
Product-corednscoreDNS
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CWE ID-CWE-923
Improper Restriction of Communication Channel to Intended Endpoints
CVE-2022-27463
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.61% / 44.87%
||
7 Day CHG~0.00%
Published-05 Apr, 2022 | 15:37
Updated-03 Aug, 2024 | 05:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Open redirect vulnerability in objects/login.json.php in WWBN AVideo through 11.6, allows attackers to arbitrarily redirect users from a crafted url to the login page.

Action-Not Available
Vendor-wwbnn/a
Product-avideon/a
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2022-27861
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.7||MEDIUM
EPSS-0.31% / 23.16%
||
7 Day CHG~0.00%
Published-10 Aug, 2023 | 09:19
Updated-28 Apr, 2026 | 16:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Ninja Popups Plugin <= 4.7.5 is vulnerable to Open Redirection

Unauth. Open Redirect vulnerability in Arscode Ninja Popups plugin <= 4.7.5 versions.

Action-Not Available
Vendor-arscodeArscode
Product-ninja_popupsNinja Popups
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2022-27256
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-1.47% / 70.49%
||
7 Day CHG+0.04%
Published-13 Apr, 2022 | 13:35
Updated-03 Aug, 2024 | 05:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A PHP Local File inclusion vulnerability in the Redbasic theme for Hubzilla before version 7.2 allows remote attackers to include arbitrary php files via the schema parameter.

Action-Not Available
Vendor-hubzillan/a
Product-hubzillan/a
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2017-20119
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-3.5||LOW
EPSS-0.67% / 47.66%
||
7 Day CHG~0.00%
Published-29 Jun, 2022 | 16:15
Updated-15 Apr, 2025 | 14:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TrueConf Server change-lang redirect

A vulnerability classified as problematic has been found in TrueConf Server 4.3.7. This affects an unknown part of the file /admin/general/change-lang. The manipulation of the argument redirect_url leads to open redirect. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-trueconfTrueConf
Product-serverServer
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2022-27461
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.72% / 49.35%
||
7 Day CHG+0.02%
Published-04 May, 2022 | 14:04
Updated-03 Aug, 2024 | 05:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In nopCommerce 4.50.1, an open redirect vulnerability can be triggered by luring a user to authenticate to a nopCommerce page by clicking on a crafted link.

Action-Not Available
Vendor-nopcommercen/a
Product-nopcommercen/a
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2024-4940
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-5.4||MEDIUM
EPSS-1.02% / 59.20%
||
7 Day CHG~0.00%
Published-22 Jun, 2024 | 05:23
Updated-15 Oct, 2025 | 12:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Open Redirect in gradio-app/gradio

An open redirect vulnerability exists in the gradio-app/gradio, affecting the latest version. The vulnerability allows an attacker to redirect users to arbitrary websites, which can be exploited for phishing attacks, Cross-site Scripting (XSS), Server-Side Request Forgery (SSRF), amongst others. This issue is due to improper validation of user-supplied input in the handling of URLs. Attackers can exploit this vulnerability by crafting a malicious URL that, when processed by the application, redirects the user to an attacker-controlled web page.

Action-Not Available
Vendor-gradio_projectgradio-appgradio_project
Product-gradiogradio-app/gradiogradio
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2022-26156
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.71% / 49.12%
||
7 Day CHG+0.02%
Published-28 Feb, 2022 | 15:24
Updated-03 Aug, 2024 | 04:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in the web application in Cherwell Service Management (CSM) 10.2.3. Injection of a malicious payload within the RelayState= parameter of the HTTP request body results in the hijacking of the form action. Form-action hijacking vulnerabilities arise when an application places user-supplied input into the action URL of an HTML form. An attacker can use this vulnerability to construct a URL that, if visited by another application user, will modify the action URL of a form to point to the attacker's server.

Action-Not Available
Vendor-cherwelln/a
Product-cherwell_service_managementn/a
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2022-29272
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-3.86% / 88.90%
||
7 Day CHG~0.00%
Published-29 Jun, 2022 | 00:58
Updated-03 Aug, 2024 | 06:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Nagios XI through 5.8.5, an open redirect vulnerability exists in the login function that could lead to spoofing.

Action-Not Available
Vendor-n/aNagios Enterprises, LLC
Product-nagios_xin/a
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2024-49706
Matching Score-4
Assigner-CERT.PL
ShareView Details
Matching Score-4
Assigner-CERT.PL
CVSS Score-5.1||MEDIUM
EPSS-0.29% / 20.98%
||
7 Day CHG~0.00%
Published-14 Apr, 2025 | 12:05
Updated-28 Oct, 2025 | 17:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
XSS in iKSORIS

Internet Starter, one of SoftCOM iKSORIS system modules, is vulnerable to Open Redirect attacks by including base64 encoded URLs in the target parameter sent in a POST request to one of the endpoints. This vulnerability has been patched in version 79.0

Action-Not Available
Vendor-softcom.wrocSoftCOM
Product-iksorisiKSORIS
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2019-15974
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-4.7||MEDIUM
EPSS-0.81% / 52.44%
||
7 Day CHG~0.00%
Published-23 Sep, 2020 | 00:27
Updated-13 Nov, 2024 | 18:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Managed Services Accelerator Open Redirect Vulnerability

A vulnerability in the web interface of Cisco Managed Services Accelerator (MSX) could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. The vulnerability is due to improper input validation of the parameters of an HTTP request. An attacker could exploit this vulnerability by intercepting a user's HTTP request and modifying it into a request that causes the web interface to redirect the user to a specific malicious URL. A successful exploit could allow the attacker to redirect a user to a malicious web page. This type of vulnerability is known as an open redirect attack and is used in phishing attacks that get users to unknowingly visit malicious sites.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-managed_services_acceleratorCisco Managed Services Accelerator
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CWE ID-CWE-20
Improper Input Validation
CVE-2022-26950
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.53% / 40.93%
||
7 Day CHG~0.00%
Published-29 Mar, 2022 | 23:33
Updated-03 Aug, 2024 | 05:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Archer 6.x through 6.9 P2 (6.9.0.2) is affected by an open redirect vulnerability. A remote unprivileged attacker may potentially redirect legitimate users to arbitrary web sites and conduct phishing attacks. The attacker could then steal the victims' credentials and silently authenticate them to the Archer application without the victims realizing an attack occurred.

Action-Not Available
Vendor-n/aRSA Security LLC
Product-archern/a
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2024-50345
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-3.1||LOW
EPSS-0.56% / 42.78%
||
7 Day CHG~0.00%
Published-06 Nov, 2024 | 20:56
Updated-03 Nov, 2025 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Open redirect via browser-sanitized URLs in symfony/http-foundation

symfony/http-foundation is a module for the Symphony PHP framework which defines an object-oriented layer for the HTTP specification. The `Request` class, does not parse URI with special characters the same way browsers do. As a result, an attacker can trick a validator relying on the `Request` class to redirect users to another domain. The `Request::create` methods now assert the URI does not contain invalid characters as defined by https://url.spec.whatwg.org/. This issue has been patched in versions 5.4.46, 6.4.14, and 7.1.7. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Action-Not Available
Vendor-sensiolabssymfony
Product-symfonysymfony
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2024-49682
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.7||MEDIUM
EPSS-0.25% / 16.30%
||
7 Day CHG~0.00%
Published-24 Oct, 2024 | 11:36
Updated-28 Apr, 2026 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Simple Membership plugin <= 4.5.3 - Open Redirection vulnerability

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in wp.insider Simple Membership simple-membership allows Phishing.This issue affects Simple Membership: from n/a through <= 4.5.3.

Action-Not Available
Vendor-simple-membership-pluginwp.insider
Product-simple_membershipSimple Membership
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2022-26954
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.65% / 46.74%
||
7 Day CHG~0.00%
Published-20 Oct, 2022 | 00:00
Updated-08 May, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple open redirect vulnerabilities in NopCommerce 4.10 through 4.50.1 allow remote attackers to conduct phishing attacks by redirecting users to attacker-controlled web sites via the returnUrl parameter, processed by the (1) ChangePassword function, (2) SignInCustomerAsync function, (3) SuccessfulAuthentication method, or (4) NopRedirectResultExecutor class.

Action-Not Available
Vendor-nopcommercen/a
Product-nopcommercen/a
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2024-4900
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-6.1||MEDIUM
EPSS-0.33% / 24.78%
||
7 Day CHG~0.00%
Published-24 Jun, 2024 | 06:00
Updated-19 May, 2025 | 21:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SEOPress < 7.8 - Contributor+ Open Redirect

The SEOPress WordPress plugin before 7.8 does not validate and escape one of its Post settings, which could allow contributor and above role to perform Open redirect attacks against any user viewing a malicious post

Action-Not Available
Vendor-seopressUnknown
Product-seopressSEOPress
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2022-26158
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.71% / 49.12%
||
7 Day CHG+0.02%
Published-28 Feb, 2022 | 15:25
Updated-03 Aug, 2024 | 04:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in the web application in Cherwell Service Management (CSM) 10.2.3. It accepts and reflects arbitrary domains supplied via a client-controlled Host header. Injection of a malicious URL in the Host: header of the HTTP Request results in a 302 redirect to an attacker-controlled page.

Action-Not Available
Vendor-cherwelln/a
Product-cherwell_service_managementn/a
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2022-25799
Matching Score-4
Assigner-CERT/CC
ShareView Details
Matching Score-4
Assigner-CERT/CC
CVSS Score-6.1||MEDIUM
EPSS-0.47% / 37.17%
||
7 Day CHG~0.00%
Published-16 Aug, 2022 | 22:00
Updated-17 Sep, 2024 | 02:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
An open redirect vulnerability exists in CERT/CC VINCE software prior to version 1.50.0

An open redirect vulnerability exists in CERT/CC VINCE software prior to 1.50.0. An attacker could send a link that has a specially crafted URL and convince the user to click the link. When an authenticated user clicks the link, the authenticated user's browser could be redirected to a malicious site that is designed to impersonate a legitimate website. The attacker could trick the user and potentially acquire sensitive information such as the user's credentials.

Action-Not Available
Vendor-certCERT/CC
Product-vinceVINCE - The Vulnerability Information and Coordination Environment
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2022-24776
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-6.1||MEDIUM
EPSS-0.92% / 56.00%
||
7 Day CHG~0.00%
Published-24 Mar, 2022 | 19:45
Updated-23 Apr, 2025 | 18:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Open Redirect in Flask-AppBuilder

Flask-AppBuilder is an application development framework, built on top of the Flask web framework. Flask-AppBuilder contains an open redirect vulnerability when using database authentication login page on versions below 3.4.5. This issue is fixed in version 3.4.5. There are currently no known workarounds.

Action-Not Available
Vendor-dpgaspardpgaspar
Product-flask-appbuilderFlask-AppBuilder
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2022-24887
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.90% / 55.19%
||
7 Day CHG~0.00%
Published-27 Apr, 2022 | 13:55
Updated-22 Apr, 2025 | 18:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Open Redirect in Nextcloud Talk

Nextcloud Talk is a video and audio conferencing app for Nextcloud, a self-hosted productivity platform. Prior to versions 11.3.4, 12.2.2, and 13.0.0, when sharing a Deck card in conversation, the metaData can be manipulated so users can be tricked into opening arbitrary URLs. This issue is fixed in versions 11.3.4, 12.2.2, and 13.0.0. There are currently no known workarounds.

Action-Not Available
Vendor-Nextcloud GmbH
Product-talksecurity-advisories
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2024-47648
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.7||MEDIUM
EPSS-0.25% / 16.33%
||
7 Day CHG~0.00%
Published-10 Oct, 2024 | 18:06
Updated-28 Apr, 2026 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress EventPrime plugin <= 4.0.4.5 - Open Redirection vulnerability

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Metagauss EventPrime eventprime-event-calendar-management.This issue affects EventPrime: from n/a through <= 4.0.4.5.

Action-Not Available
Vendor-theeventprimeMetagauss Inc.
Product-eventprimeEventPrime
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2022-24794
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-0.71% / 49.00%
||
7 Day CHG~0.00%
Published-31 Mar, 2022 | 22:45
Updated-23 Apr, 2025 | 18:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Open Redirect in express-openid-connect

Express OpenID Connect is an Express JS middleware implementing sign on for Express web apps using OpenID Connect. Users of the `requiresAuth` middleware, either directly or through the default `authRequired` option, are vulnerable to an Open Redirect when the middleware is applied to a catch all route. If all routes under `example.com` are protected with the `requiresAuth` middleware, a visit to `http://example.com//google.com` will be redirected to `google.com` after login because the original url reported by the Express framework is not properly sanitized. This vulnerability affects versions prior to 2.7.2. Users are advised to upgrade. There are no known workarounds.

Action-Not Available
Vendor-auth0auth0
Product-express_openid_connectexpress-openid-connect
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2022-24858
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-6.1||MEDIUM
EPSS-0.74% / 50.03%
||
7 Day CHG~0.00%
Published-19 Apr, 2022 | 22:25
Updated-23 Apr, 2025 | 18:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Default redirect callback vulnerable to open redirects

next-auth v3 users before version 3.29.2 are impacted. next-auth version 4 users before version 4.3.2 are also impacted. Upgrading to 3.29.2 or 4.3.2 will patch this vulnerability. If you are not able to upgrade for any reason, you can add a configuration to your callbacks option. If you already have a `redirect` callback, make sure that you match the incoming `url` origin against the `baseUrl`.

Action-Not Available
Vendor-nextauth.jsnextauthjs
Product-next-authnext-auth
CWE ID-CWE-290
Authentication Bypass by Spoofing
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2019-4631
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-7.4||HIGH
EPSS-0.78% / 51.57%
||
7 Day CHG~0.00%
Published-28 Jan, 2020 | 18:30
Updated-16 Sep, 2024 | 19:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Security Secret Server 10.7 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 170001.

Action-Not Available
Vendor-IBM Corporation
Product-security_secret_serverSecurity Secret Server
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2024-47530
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-5.4||MEDIUM
EPSS-0.38% / 29.83%
||
7 Day CHG~0.00%
Published-30 Sep, 2024 | 15:17
Updated-15 Nov, 2024 | 18:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Scout contains an Open Redirect on Login via `next`

Scout is a web-based visualizer for VCF-files. Open redirect vulnerability allows performing phishing attacks on users by redirecting them to malicious page. /login API endpoint is vulnerable to open redirect attack via next parameter due to absence of sanitization logic. Additionally, due to lack of scheme validation, HTTPS Downgrade Attack can be performed on the users. This vulnerability is fixed in 4.89.

Action-Not Available
Vendor-clinical-genomicsClinical-Genomicsclinical-genomics
Product-scoutscoutscout
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2024-47353
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.7||MEDIUM
EPSS-0.24% / 14.53%
||
7 Day CHG~0.00%
Published-11 Oct, 2024 | 18:12
Updated-28 Apr, 2026 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress ElementsReady Addons for Elementor plugin <= 6.4.2 - Open Redirection vulnerability

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in quomodosoft ElementsReady Addons for Elementor element-ready-lite.This issue affects ElementsReady Addons for Elementor: from n/a through 6.4.2.

Action-Not Available
Vendor-quomodosoftquomodosoft
Product-elementsreadyElementsReady Addons for Elementor
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2022-24969
Matching Score-4
Assigner-Apache Software Foundation
ShareView Details
Matching Score-4
Assigner-Apache Software Foundation
CVSS Score-6.1||MEDIUM
EPSS-1.70% / 74.46%
||
7 Day CHG~0.00%
Published-06 Jun, 2022 | 22:00
Updated-03 Aug, 2024 | 04:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
bypass of CVE-2021-25640

bypass CVE-2021-25640 > In Apache Dubbo prior to 2.6.12 and 2.7.15, the usage of parseURL method will lead to the bypass of the white host check which can cause open redirect or SSRF vulnerability.

Action-Not Available
Vendor-The Apache Software Foundation
Product-dubboApache Dubbo
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2022-24739
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.3||HIGH
EPSS-0.88% / 54.59%
||
7 Day CHG~0.00%
Published-08 Mar, 2022 | 21:40
Updated-23 Apr, 2025 | 18:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Server-Side Request Forgery (SSRF) and URL Redirection to Untrusted Site ('Open Redirect') in alltube

alltube is an html front end for youtube-dl. On releases prior to 3.0.3, an attacker could craft a special HTML page to trigger either an open redirect attack or a Server-Side Request Forgery attack (depending on how AllTube is configured). The impact is mitigated by the fact the SSRF attack is only possible when the `stream` option is enabled in the configuration. (This option is disabled by default.) 3.0.3 contains a fix for this vulnerability.

Action-Not Available
Vendor-alltube_projectRudloff
Product-alltubealltube
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2024-4704
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-6.1||MEDIUM
EPSS-0.45% / 35.99%
||
7 Day CHG~0.00%
Published-27 Jun, 2024 | 06:00
Updated-01 Aug, 2024 | 20:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Contact Form 7 < 5.9.5 - Unauthenticated Open Redirect

The Contact Form 7 WordPress plugin before 5.9.5 has an open redirect that allows an attacker to utilize a false URL and redirect to the URL of their choosing.

Action-Not Available
Vendor-rocklobsterUnknownrocklobster
Product-contact_form_7Contact Form 7contact_form_7
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2022-23618
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-4.7||MEDIUM
EPSS-0.80% / 52.08%
||
7 Day CHG+0.01%
Published-09 Feb, 2022 | 21:05
Updated-23 Apr, 2025 | 19:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Open Redirect in xwiki-platform

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions there is no protection against URL redirection to untrusted sites, in particular some well known parameters (xredirect) can be used to perform url redirections. This problem has been patched in XWiki 12.10.7 and XWiki 13.3RC1. Users are advised to update. There are no known workarounds for this issue.

Action-Not Available
Vendor-XWiki SAS
Product-xwikixwiki-platform
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2024-45247
Matching Score-4
Assigner-Israel National Cyber Directorate (INCD)
ShareView Details
Matching Score-4
Assigner-Israel National Cyber Directorate (INCD)
CVSS Score-6.1||MEDIUM
EPSS-0.22% / 12.55%
||
7 Day CHG~0.00%
Published-06 Oct, 2024 | 11:52
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Sonarr – CWE-601: URL Redirection to Untrusted Site ('Open Redirect')

Sonarr – CWE-601: URL Redirection to Untrusted Site ('Open Redirect')

Action-Not Available
Vendor-Sonarr
Product-Sonarr
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2024-46481
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.28% / 19.72%
||
7 Day CHG~0.00%
Published-13 Jan, 2025 | 00:00
Updated-03 Oct, 2025 | 13:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The login page of Venki Supravizio BPM up to 18.1.1 is vulnerable to open redirect leading to reflected XSS.

Action-Not Available
Vendor-venkiVenki
Product-supravizio_bpmSupravizio BPM
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2024-4612
Matching Score-4
Assigner-GitLab Inc.
ShareView Details
Matching Score-4
Assigner-GitLab Inc.
CVSS Score-6.4||MEDIUM
EPSS-0.36% / 28.41%
||
7 Day CHG~0.00%
Published-12 Sep, 2024 | 16:57
Updated-14 Sep, 2024 | 14:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
URL Redirection to Untrusted Site ('Open Redirect') in GitLab

An issue has been discovered in GitLab EE affecting all versions starting from 12.9 before 17.1.7, 17.2 before 17.2.5, and 17.3 before 17.3.2. Under certain conditions an open redirect vulnerability could allow for an account takeover by breaking the OAuth flow.

Action-Not Available
Vendor-GitLab Inc.
Product-gitlabGitLab
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2022-23798
Matching Score-4
Assigner-Joomla! Project
ShareView Details
Matching Score-4
Assigner-Joomla! Project
CVSS Score-6.1||MEDIUM
EPSS-0.57% / 42.82%
||
7 Day CHG~0.00%
Published-30 Mar, 2022 | 15:20
Updated-25 Feb, 2026 | 05:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
[20220306] - Core - Inadequate validation of internal URLs

An issue was discovered in Joomla! 2.5.0 through 3.10.6 & 4.0.0 through 4.1.0. Inadequate validation of URLs could result into an invalid check whether an redirect URL is internal or not.

Action-Not Available
Vendor-Joomla!
Product-joomla\!Joomla! CMS
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2022-22919
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.62% / 45.42%
||
7 Day CHG~0.00%
Published-30 Jan, 2022 | 01:13
Updated-03 Aug, 2024 | 03:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adenza AxiomSL ControllerView through 10.8.1 allows redirection for SSO login URLs.

Action-Not Available
Vendor-adenzan/a
Product-axiomsl_controllerviewn/a
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2024-4604
Matching Score-4
Assigner-TR-CERT (Computer Emergency Response Team of the Republic of Türkiye)
ShareView Details
Matching Score-4
Assigner-TR-CERT (Computer Emergency Response Team of the Republic of Türkiye)
CVSS Score-6.1||MEDIUM
EPSS-0.24% / 15.30%
||
7 Day CHG~0.00%
Published-26 Jun, 2024 | 15:09
Updated-03 Jun, 2026 | 16:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Open Redirect in Magarsus Consultancy's SSO

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Magarsus Consultancy SSO (Single Sign On) allows Manipulating Hidden Fields. This issue affects SSO (Single Sign On): from 1.0 before 1.1.

Action-Not Available
Vendor-Magarsus Consultancy
Product-SSO (Single Sign On)
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2022-23599
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.73% / 49.95%
||
7 Day CHG~0.00%
Published-28 Jan, 2022 | 22:00
Updated-05 May, 2025 | 17:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cross-site Scripting and Open Redirect in Products.ATContentTypes

Products.ATContentTypes are the core content types for Plone 2.1 - 4.3. Versions of Plone that are dependent on Products.ATContentTypes prior to version 3.0.6 are vulnerable to reflected cross site scripting and open redirect when an attacker can get a compromised version of the image_view_fullscreen page in a cache, for example in Varnish. The technique is known as cache poisoning. Any later visitor can get redirected when clicking on a link on this page. Usually only anonymous users are affected, but this depends on the user's cache settings. Version 3.0.6 of Products.ATContentTypes has been released with a fix. This version works on Plone 5.2, Python 2 only. As a workaround, make sure the image_view_fullscreen page is not stored in the cache. More information about the vulnerability and cvmitigation measures is available in the GitHub Security Advisory.

Action-Not Available
Vendor-n/aPlone Foundation
Product-plonen/a
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-46326
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.45% / 35.75%
||
7 Day CHG~0.00%
Published-21 Oct, 2024 | 00:00
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Public Knowledge Project pkp-lib 3.4.0-7 and earlier is vulnerable to Open redirect due to a lack of input sanitization in the logout function.

Action-Not Available
Vendor-n/apkp
Product-n/apkb-lib
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2024-44776
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.31% / 22.59%
||
7 Day CHG~0.00%
Published-29 Aug, 2024 | 00:00
Updated-25 Mar, 2025 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An Open Redirect vulnerability in the page parameter of vTiger CRM v7.4.0 allows attackers to redirect users to a malicious site via a crafted URL.

Action-Not Available
Vendor-vtigern/a
Product-vtiger_crmn/a
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2022-23237
Matching Score-4
Assigner-NetApp, Inc.
ShareView Details
Matching Score-4
Assigner-NetApp, Inc.
CVSS Score-6.1||MEDIUM
EPSS-0.57% / 42.82%
||
7 Day CHG~0.00%
Published-01 Jun, 2022 | 13:54
Updated-03 Aug, 2024 | 03:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

E-Series SANtricity OS Controller Software 11.x versions through 11.70.2 are vulnerable to host header injection attacks that could allow an attacker to redirect users to malicious websites.

Action-Not Available
Vendor-n/aNetApp, Inc.
Product-e-series_santricity_os_controllerE-Series SANtricity OS Controller Software 11.x
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2021-29217
Matching Score-4
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-4
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-6.1||MEDIUM
EPSS-0.71% / 49.22%
||
7 Day CHG~0.00%
Published-24 Feb, 2022 | 21:04
Updated-03 Aug, 2024 | 22:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote URL redirection vulnerability was discovered in HPE OneView Global Dashboard version(s): Prior to 2.5. HPE has provided a software update to resolve this vulnerability in HPE OneView Global Dashboard.

Action-Not Available
Vendor-n/aHewlett Packard Enterprise (HPE)
Product-oneview_global_dashboardHPE OneView Global Dashboard
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2024-43280
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.7||MEDIUM
EPSS-0.24% / 15.35%
||
7 Day CHG~0.00%
Published-19 Aug, 2024 | 17:45
Updated-28 Apr, 2026 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Salon Booking System plugin <= 10.8.1 - Open Redirection vulnerability

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Salon Booking System Salon booking system.This issue affects Salon booking system: from n/a through 10.8.1.

Action-Not Available
Vendor-salonbookingsystemSalon Booking System
Product-salon_booking_systemSalon booking system
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 15
  • 16
  • Next
Details not found