Filtered by CWE-601
Total 1209 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-0319 1 Fireeye 1 Hxtool 2024-11-21 5.4 Medium
Open Redirect vulnerability in FireEye HXTool affecting version 4.6, the exploitation of which could allow an attacker to redirect a legitimate user to a malicious page by changing the 'redirect_uri' parameter.
CVE-2023-6545 1 Beckhoff 2 Authelia-bhf, Twincat\/bsd 2024-11-21 4.7 Medium
The package authelia-bhf included in Beckhoffs TwinCAT/BSD is prone to an open redirect that allows a remote unprivileged attacker to redirect a user to another site. This may have limited impact to integrity and does solely affect anthelia-bhf the Beckhoff fork of authelia.
CVE-2023-6380 1 Alkacon 1 Opencms 2024-11-21 6.1 Medium
Open redirect vulnerability has been found in the Open CMS product affecting versions 14 and 15 of the 'Mercury' template. An attacker could create a specially crafted URL and send it to a specific user to redirect them to a malicious site and compromise them. Exploitation of this vulnerability is possible due to the fact that there is no proper sanitization of the 'URI' parameter.
CVE-2023-5629 1 Schneider-electric 32 Eb450, Eb450 Firmware, Eb45e and 29 more 2024-11-21 8.2 High
A CWE-601:URL Redirection to Untrusted Site (‘Open Redirect’) vulnerability exists that could cause disclosure of information through phishing attempts over HTTP.
CVE-2023-5610 1 S-sols 1 Seraphinite Accelerator 2024-11-21 5.4 Medium
The Seraphinite Accelerator WordPress plugin before 2.2.29 does not validate the URL to redirect any authenticated user to, leading to an arbitrary redirect
CVE-2023-5445 1 Mcafee 1 Epolicy Orchestrator 2024-11-21 5.4 Medium
An open redirect vulnerability in ePolicy Orchestrator prior to 5.10.0 CP1 Update 2, allows a remote low privileged user to modify the URL parameter for the purpose of redirecting URL request(s) to a malicious site. This impacts the dashboard area of the user interface. A user would need to be logged into ePO to trigger this vulnerability. To exploit this the attacker must change the HTTP payload post submission, prior to it reaching the ePO server.
CVE-2023-5375 1 Mosparo 1 Mosparo 2024-11-21 6.1 Medium
Open Redirect in GitHub repository mosparo/mosparo prior to 1.0.2.
CVE-2023-52263 1 Brave 1 Browser 2024-11-21 6.1 Medium
Brave Browser before 1.59.40 does not properly restrict the schema for WebUI factory and redirect. This is related to browser/brave_content_browser_client.cc and browser/ui/webui/brave_web_ui_controller_factory.cc.
CVE-2023-51675 1 Vasyltech 1 Advanced Access Manager 2024-11-21 4.7 Medium
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in AAM Advanced Access Manager – Restricted Content, Users & Roles, Enhanced Security and More.This issue affects Advanced Access Manager – Restricted Content, Users & Roles, Enhanced Security and More: from n/a through 6.9.18.
CVE-2023-51517 1 Codepeople 1 Calculated Fields Form 2024-11-21 4.1 Medium
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in CodePeople Calculated Fields Form.This issue affects Calculated Fields Form: from n/a through 1.2.28.
CVE-2023-50704 1 Efacec 2 Uc 500e, Uc 500e Firmware 2024-11-21 4.3 Medium
An attacker could construct a URL within the application that causes a redirection to an arbitrary external domain and could be leveraged to facilitate phishing attacks against application users.
CVE-2023-4965 1 Phpipam 1 Phpipam 2024-11-21 2.7 Low
A vulnerability was found in phpipam 1.5.1. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Header Handler. The manipulation of the argument X-Forwarded-Host leads to open redirect. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-239732.
CVE-2023-4964 1 Microfocus 2 Asset Management X, Service Management Automation X 2024-11-21 8.2 High
Potential open redirect vulnerability in opentext Service Management Automation X (SMAX) versions 2020.05, 2020.08, 2020.11, 2021.02, 2021.05, 2021.08, 2021.11, 2022.05, 2022.11 and opentext Asset Management X (AMX) versions 2021.08, 2021.11, 2022.05, 2022.11. The vulnerability could allow attackers to redirect a user to malicious websites.
CVE-2023-49438 1 Flask-security-too Project 1 Flask-security-too 2024-11-21 6.1 Medium
An open redirect vulnerability in the python package Flask-Security-Too <=5.3.2 allows attackers to redirect unsuspecting users to malicious sites via a crafted URL by abusing the ?next parameter on the /login and /register routes.
CVE-2023-49281 1 Cainor 1 Calendarinho 2024-11-21 4.7 Medium
Calendarinho is an open source calendaring application to manage large teams of consultants. An Open Redirect issue occurs when a web application redirects users to external URLs without proper validation. This can lead to phishing attacks, where users are tricked into visiting malicious sites, potentially leading to information theft and reputational damage to the website used for redirection. The problem is has been patched in commit `15b2393`. Users are advised to update to a commit after `15b2393`. There are no known workarounds for this vulnerability.
CVE-2023-49240 1 Huawei 2 Emui, Harmonyos 2024-11-21 7.5 High
Unauthorized access vulnerability in the launcher module. Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2023-49104 1 Owncloud 1 Oauth2 2024-11-21 8.7 High
An issue was discovered in ownCloud owncloud/oauth2 before 0.6.1, when Allow Subdomains is enabled. An attacker is able to pass in a crafted redirect-url that bypasses validation, and consequently allows an attacker to redirect callbacks to a Top Level Domain controlled by the attacker.
CVE-2023-49061 1 Mozilla 1 Firefox 2024-11-21 6.1 Medium
An attacker could have performed HTML template injection via Reader Mode and exfiltrated user information. This vulnerability affects Firefox for iOS < 120.
CVE-2023-48815 1 Keking 1 Kkfileview 2024-11-21 6.1 Medium
kkFileView v4.3.0 is vulnerable to Incorrect Access Control.
CVE-2023-48325 1 Pluginops 1 Landing Page Builder 2024-11-21 4.7 Medium
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in PluginOps Landing Page Builder – Lead Page – Optin Page – Squeeze Page – WordPress Landing Pages.This issue affects Landing Page Builder – Lead Page – Optin Page – Squeeze Page – WordPress Landing Pages: from n/a through 1.5.1.5.