Export limit exceeded: 364816 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (1575 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2017-11718 1 Metinfo Project 1 Metinfo 2025-04-20 N/A
There is URL Redirector Abuse in MetInfo through 5.3.17 via the gourl parameter to member/login.php.
CVE-2017-1159 1 Ibm 1 Business Process Manager 2025-04-20 N/A
IBM Business Process Manager 8.0 and 8.5 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 122891.
CVE-2017-11586 1 Finecms 1 Finecms 2025-04-20 N/A
dayrui FineCms 5.0.9 has URL Redirector Abuse via the url parameter in a sync action, related to controllers/Weixin.php.
CVE-2017-1156 1 Ibm 1 Websphere Portal 2025-04-20 N/A
IBM WebSphere Portal 8.5 and 9.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force. ID: 122592
CVE-2017-1000070 1 Oauth2 Proxy Project 1 Oauth2 Proxy 2025-04-20 N/A
The Bitly oauth2_proxy in version 2.1 and earlier was affected by an open redirect vulnerability during the start and termination of the 2-legged OAuth flow. This issue was caused by improper input validation and a violation of RFC-6819
CVE-2017-1000027 1 Koozali 1 Sme Server 2025-04-20 N/A
Koozali Foundation SME Server versions 8.x, 9.x, 10.x are vulnerable to an open URL redirect vulnerability in the user web login function resulting in unauthorized account access.
CVE-2017-1000013 1 Phpmyadmin 1 Phpmyadmin 2025-04-20 N/A
phpMyAdmin 4.0, 4.4, and 4.6 are vulnerable to an open redirect weakness
CVE-2016-9099 1 Broadcom 2 Advanced Secure Gateway, Symantec Proxysg 2025-04-20 N/A
Symantec Advanced Secure Gateway (ASG) 6.6, ASG 6.7 prior to 6.7.2.1, ProxySG 6.5 prior to 6.5.10.6, ProxySG 6.6, and ProxySG 6.7 prior to 6.7.2.1 are susceptible to an open redirection vulnerability. A remote attacker can use a crafted management console URL in a phishing attack to redirect the target user to a malicious web site.
CVE-2016-7137 1 Plone 1 Plone 2025-04-20 N/A
Multiple open redirect vulnerabilities in Plone CMS 5.x through 5.0.6, 4.x through 4.3.11, and 3.3.x through 3.3.6 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the referer parameter to (1) %2b%2bgroupdashboard%2b%2bplone.dashboard1%2bgroup/%2b/portlets.Actions or (2) folder/%2b%2bcontextportlets%2b%2bplone.footerportlets/%2b /portlets.Actions or the (3) came_from parameter to /login_form.
CVE-2016-4075 1 Opera 2 Opera Browser, Opera Mini 2025-04-20 6.1 Medium
Opera Mini 13 and Opera Stable 36 allow remote attackers to spoof the displayed URL via a crafted HTML document, related to the about:blank URL.
CVE-2015-9058 1 Proxmox 1 Proxmox Mail Gateway 2025-04-20 N/A
Open redirect vulnerability in Proxmox Mail Gateway prior to hotfix 4.0-8-097d26a9 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the destination parameter.
CVE-2015-6501 1 Puppet 1 Puppet Enterprise 2025-04-20 N/A
Open redirect vulnerability in the Console in Puppet Enterprise before 2015.2.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the string parameter.
CVE-2015-5054 1 Ellucian 1 Banner Student 2025-04-20 N/A
Open redirect vulnerability in Ellucian (formerly SunGard) Banner Student 8.5.1.2 through 8.7 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in an unspecified parameter.
CVE-2015-4668 1 Xceedium 1 Xsuite 2025-04-20 N/A
Open redirect vulnerability in Xsuite 2.4.4.5 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirurl parameter.
CVE-2015-4070 1 Wow New Media 1 Wow Moodboard Lite 2025-04-20 N/A
Open redirect vulnerability in the proxyimages function in wowproxy.php in the Wow Moodboard Lite plugin 1.1.1.1 for WordPress allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the url parameter.
CVE-2022-38662 1 Hcltech 1 Hcl Digital Experience 2025-04-18 6.1 Medium
 In HCL Digital Experience, URLs can be constructed to redirect users to untrusted sites.
CVE-2022-41275 1 Sap 1 Solution Manager 2025-04-18 6.1 Medium
In SAP Solution Manager (Enterprise Search) - versions 740, and 750, an unauthenticated attacker can generate a link that, if clicked by a logged-in user, can be redirected to a malicious page that could read or modify sensitive information, or expose the user to a phishing attack, with little impact on confidentiality and integrity.
CVE-2022-23527 3 Debian, Openidc, Redhat 3 Debian Linux, Mod Auth Openidc, Enterprise Linux 2025-04-18 4.7 Medium
mod_auth_openidc is an OpenID Certified™ authentication and authorization module for the Apache 2.x HTTP server. Versions prior to 2.4.12.2 are vulnerable to Open Redirect. When providing a logout parameter to the redirect URI, the existing code in oidc_validate_redirect_url() does not properly check for URLs that start with /\t, leading to an open redirect. This issue has been patched in version 2.4.12.2. Users unable to upgrade can mitigate the issue by configuring mod_auth_openidc to only allow redirection when the destination matches a given regular expression with OIDCRedirectURLsAllowed.
CVE-2024-42930 1 Pbootcms 1 Pbootcms 2025-04-17 6.1 Medium
PbootCMS 3.2.8 is vulnerable to URL Redirect.
CVE-2023-6552 1 Tasmoadmin 1 Tasmoadmin 2025-04-17 6.1 Medium
Lack of "current" GET parameter validation during the action of changing a language leads to an open redirect vulnerability.