CWE:
 

| Risk | Topic | Date | Author |
|---|---|---|---|
| Low | Masch CMStudio Banners 8.6.1 Open Redirection | 29.03.2019 | KingSkrupellos |
| Low | WordPress 4.9.10 ButterKekse Plugins Open Redirection | 29.03.2019 | KingSkrupellos |
| Low | WordPress 4.9.2 WordPress-Feed-Statistics Plugins 4.1 Open Redirection | 29.03.2019 | KingSkrupellos |
| Low | WordPress 4.8 Ait-ThemesClub TemplatePreview 1.8.1 RFI Open Redirection | 28.03.2019 | KingSkrupellos |
| Low | HollandPlaza TexelseMedia AdvertisementsCounter Plugins Open Redirection | 28.03.2019 | KingSkrupellos |
| Low | Masch CMStudio Banners Modules 8.6.1 Open Redirection | 28.03.2019 | KingSkrupellos |
| Low | WordPress 4.6.1 WireFunnel Plugins Open Redirection | 28.03.2019 | KingSkrupellos |
| Med. | WordPress 5.1.1 WPBounce AND-AntiBounce Plugins 1.0.3 Open Redirection | 27.03.2019 | KingSkrupellos |
| Low | Wordpress 5.0.4 begin Themes Open Redirection | 26.03.2019 | L4663r666h05t |
| Low | AlumniMagnet Open Redirection | 26.03.2019 | KingSkrupellos |
| Low | Progetti di Impresa SRL ItalyGov Open Redirection | 26.03.2019 | KingSkrupellos |
| Low | WordPress 3.4.2 The-CL-Amazon-Thingy Plugins 1.0 Open Redirection | 23.03.2019 | KingSkrupellos |
| Med. | WordPress 5.0.4 Age-Verification Plugins 0.5 Open Redirection | 21.03.2019 | KingSkrupellos |
| Low | WordPress 5.0.4 Zangai Themes Open Redirection | 18.03.2019 | KingSkrupellos |
| Low | WordPress 4.9.x BigChrome Themes Open Redirection | 18.03.2019 | KingSkrupellos |
| Low | WordPress 5.0.4 2018110612035976 Themes Open Redirection | 18.03.2019 | KingSkrupellos |
| Low | WordPress 5.1.1 Wopus Themes Open Redirection | 18.03.2019 | KingSkrupellos |
| Low | WordPress 4.9.10 İfxPro.Cn Themes Open Redirection | 18.03.2019 | KingSkrupellos |
| Low | WordPress 4.9.3 itiis Themes Open Redirection | 18.03.2019 | KingSkrupellos |
| Low | WordPress 4.9.x Wngzs Themes Open Redirection | 18.03.2019 | KingSkrupellos |
| Low | WordPress 4.9.x Concise Themes Open Redirection | 18.03.2019 | KingSkrupellos |
| Low | WordPress 4.9.x UsaMusic-PC Themes Open Redirection | 18.03.2019 | KingSkrupellos |
| Low | WordPress Aibbt Themes Open Redirection | 12.03.2019 | KingSkrupellos |
| Low | WordPress Deep Themes Open Redirection | 12.03.2019 | KingSkrupellos |
| Low | WordPress 2kqq Themes Open Redirection | 12.03.2019 | KingSkrupellos |
| Low | WordPress Azzxx Themes Open Redirection | 12.03.2019 | KingSkrupellos |
| Med. | OpenCart Price Comparison Store Modules 3.x Open Redirection | 11.03.2019 | KingSkrupellos |
| Med. | VanillaForums 2.x Open Redirection | 11.03.2019 | KingSkrupellos |
| Low | Babel 0.4.1 Open Redirection | 07.03.2019 | Jan Kopriva |
| Low | MeteoTemplate 17.1 Nectarine Diary Plugins 4.0 Open Redirection | 07.03.2019 | KingSkrupellos |
| Low | MeteoTemplate 17.1 Nectarine globalSnow Plugins 1.1 Open Redirection | 07.03.2019 | KingSkrupellos |
| Low | Meteotemplate 17.1 Nectarine indoorData Plugins 4.0 Open Redirection | 07.03.2019 | KingSkrupellos |
| Low | vBulletin 4.2.5 Ajax Threads 1.1.3 Lite Open Redirection | 04.03.2019 | KingSkrupellos |
| Low | vBulletin 4.2.5 Thread Post Bookmarking 1.2.0 Open Redirection | 04.03.2019 | KingSkrupellos |
| Low | vBulletin 4.2.5 vBSuper_PM 1.2.3 Lite Open Redirection | 04.03.2019 | KingSkrupellos |
| Low | vBulletin 4.x Seo by vBSeo 3.3.2 Open Redirection | 04.03.2019 | KingSkrupellos |
| Low | vBulletin 4.2.5 Member Map 1.1.2 Lite Open Redirection | 04.03.2019 | KingSkrupellos |
| Med. | MeteoTemplate 17.1 Nectarine Deviations Plugins 2.0 Open Redirection | 03.03.2019 | KingSkrupellos |
| Low | SMF 2.0.15 SMF4Mobile 1.1.5/1.2 SMF-Media Open Redirection | 02.03.2019 | KingSkrupellos |
| Low | XenForo 1.5.x Advanced Application Forms 1.2.2 Open Redirection | 02.03.2019 | KingSkrupellos |
| Low | XenForo 1.5.x XF-Russia Open Redirection | 02.03.2019 | KingSkrupellos |
| Low | vBulletin 3.8.x vBadvanced CMPS v3.2.3 Open Redirection | 01.03.2019 | KingSkrupellos |
| Med. | vBulletin 3.8.4 Zoints SEO 2.3.2 Computer-Logic Open Redirection | 01.03.2019 | KingSkrupellos |
| Low | vBulletin 4.2.5 vBSEO 3.6.1 Open Redirection | 28.02.2019 | KingSkrupellos |
| Low | vBulletin 4.x.x DragonByte SEO v2.0.31 Pro Open Redirection | 28.02.2019 | KingSkrupellos |
| Med. | MeteoTemplate 17.1 Nectarine windDirection Plugins 2.2 Open Redirection | 27.02.2019 | KingSkrupellos |
| Low | MeteoTemplate 17.1 Nectarine Deviations Open Redirection | 26.02.2019 | KingSkrupellos |
| Low | AsureSoftware AsureForce Time Version 12.0 Open Redirection | 26.02.2019 | KingSkrupellos |
| Med. | MeteoTemplate 17.1 Nectarine stationExtremes Plugins 2.0 Open Redirection | 26.02.2019 | KingSkrupellos |
| Low | 1up! Software Going1up The Newspaper CMS 1998-2019 1.x Open Redirection | 26.02.2019 | KingSkrupellos |
| Low | Drupal Pubdlcnt 7.x-1.2 Open Redirection | 22.02.2019 | KingSkrupellos |
| Low | Drupal Pubdlcnt Modules 7.x-1.2 Public Download Count Open Redirection | 21.02.2019 | KingSkrupellos |
| Med. | WordPress WP-JS-External-Link-Info Plugins 2.2.0 Open Redirection | 18.02.2019 | KingSkrupellos |
| Low | GetSimpleCMS 3.3.13 Open Redirect | 15.02.2019 | Mithat Gogebakan |
| Low | OpenText Documentum Webtop 5.3 SP2 Open Redirect | 11.02.2019 | Rafael Pedrero |
| Low | glimpse.bukalapak.com Open Redirect | 03.02.2019 | abay |
| Med. | WordPress 2013 TwentyThirteen Themes 5.0.3 Open Redirection | 16.01.2019 | KingSkrupellos |
| Low | ModX Open Source CMS Babel Modules 3.0.0 Open Redirect | 15.01.2019 | KingSkrupellos |
| Med. | Joomla Simple RSS Feed Reader mod_jw_srfr 3.6.0 Modules Open Redirect | 15.01.2019 | KingSkrupellos |
| Low | OrangeForum 1.4.0 Open Redirection | 10.01.2019 | Omar Kurt |
| Low | WordPress BlackHawk Themes Open Redirection Vulnerability | 26.11.2018 | KingSkrupellos |
| Med. | WordPress Begin Themes Start-up Business ThemeForest Open Redirection Vulnerability | 04.11.2018 | KingSkrupellos |
| Low | Microhard Systems 3G/4G Cellular Ethernet And Serial Gateway Open Redirect | 17.07.2018 | LiquidWorm |
| Low | Developed By the DokaGroup Laboratory 2008-2011 Belarus Open Redirection Vulnerability | 29.06.2018 | KingSkrupellos |
| Low | Provided By Green4Solutions EcommZone Open Redirection Vulnerability | 21.06.2018 | KingSkrupellos |
| Low | Technical Support A2i-PMO Bangladesh e-Government Open Redirection Vulnerability | 10.06.2018 | KingSkrupellos |
| Med. | WolfCMS 0.8.3.1 Open Redirect | 10.04.2018 | Sureshbabu Narvaneni |
| Low | Tuleap Open Redirect | 08.03.2018 | Anonymous |
| Low | F-Secure Radar Open Redirect | 17.02.2018 | Oscar Hjelm |
| Low | Oracle E-Business Suite 12.1.3 / 12.2.x Open Redirect | 16.01.2018 | author |
| Low | WordPress MQ ReLinks 1.8 XSS / Open Redirection | 11.01.2018 | Ricardo Sanchez |
| Low | WordPress Feed-Statistics 4.1 Open Redirect | 22.12.2017 | Mostafa Gharzi |
| Low | OpenText Documentum Administrator / Webtop Open Redirection | 27.09.2017 | Jakub Palaczynski |
| Med. | Progress Sitefinity 9.1 XSS / Session Management / Open Redirect | 23.08.2017 | SEC Consult |
| Med. | Ubiquiti Networks Open Redirect | 25.07.2017 | T.Weber |
| Low | DoorGets CMS 7.0 Open Redirect | 04.07.2017 | Rudra Sarkar |
| Med. | Drupal Public Download Count Module - Open Redirect | 08.06.2017 | Snooper |
| Med. | CMS Made Simple Babel Module 0.3.3 Open Redirect / Content Forgery | 03.05.2017 | MLT |
| Low | Amazon Simple Storage Service (S3) - Open Redirect Vulnerability | 29.03.2017 | Zero Security Group |
| Low | Instagram - Open Redirect Vulnerability | 08.02.2017 | S3Ni0R.M0T3Z4D |
| Low | LogicBoard CMS 3.0 / 4.0 / 4.1 Open Redirect | 02.02.2017 | n0ipr0cs |
| Med. | MailStore 10.0.1 Cross Site Scripting / Open Redirect | 02.02.2017 | Tobias Glemser |
| Low | Sarzamin Download - Open Redirect Vulnerability | 20.01.2017 | Blackwolf_Iran |
| Low | D-Link DIR-615 Open Redirection / Cross Site Scripting | 14.01.2017 | Osanda Malith Jayathis... |
| Low | Peplink NGxxx/LCxxx VPN-Firewall Open Redirect | 30.11.2016 | Gjoko 'LiquidWorm' Krs... |
| Med. | Lepton 2.2.2 Stable CSRF / Open Redirect / Password Handling | 19.11.2016 | Tim Coen |
| Med. | Jaws 1.1.1 Open Redirect / Object Injection / Cookie Flags | 19.11.2016 | Tim Coen |
| Low | Verint Impact 360 11.1 Open Redirect | 11.11.2016 | Sanehdeep Singh |
| Low | Puppet Enterprise Web Interface Open Redirect | 23.10.2016 | hyp3rlinx |
| Med. | Nagios XI 5.2.9 Cross Site Scripting / Open Redirect | 21.10.2016 | hyp3rlinx |
| Med. | Plone CMS 4.3.11 / 5.0.6 XSS / Traversal / Open Redirection | 13.10.2016 | S3ba |
| Low | Facebook API v2.1 - RFC6749 Open Redirect Vulnerability | 11.10.2016 | Vulnerability Lab |
| Low | u5 CMS 5.1.4 Open Redirect | 27.09.2016 | indoushka |
| Low | Coupon CMS 5.00 Open Redirect | 20.09.2016 | indoushka |
| Low | ECShop 2.7.2 Open Redirect | 20.09.2016 | indoushka |
| Med. | ASUS RT-N10 Multiple Vulnerabilities | 15.09.2016 | MustLive |
| Low | Symantec Endpoint Protection 12.1 CSRF / XSS / Open Redirect | 30.06.2016 | hyp3rlinx |
| Low | JobScript Open Redirection Vulnerability | 23.05.2016 | Bikramaditya Guha aka ... |
| Low | Oracle Discoverer Viewer BI Open Redirect | 28.04.2016 | Vulnerability Lab |
| Low | Fireware XTM Web UI Open Redirect | 31.03.2016 | Manuel Mancera |


CVEMAP Search Results

CVE
Details
Description
2019-04-04
Medium
CVE-2019-10856

In Jupyter Notebook before 5.7.8, an open redirect can occur via an empty netloc. This issue exists because of an incomplete fix for CVE-2019-10255.

 
2019-04-02
Medium
CVE-2018-15180

Vendor: Qasymphony
Software: Qtest manager
 

 
qTest Portal in QASymphony qTest Manager 9.0.0 has an Open Redirect via the /portal/loginform redirect parameter.

 
2019-04-01
Medium
CVE-2018-8913

Missing custom error page vulnerability in Synology Web Station before 2.1.3-0139 allows remote attackers to conduct phishing attacks via a crafted URL.

 
2019-03-29
Medium
CVE-2017-18109

Vendor: Atlassian
Software: Crowd
 

 
The login resource of CrowdId in Atlassian Crowd before version 3.0.2 and from version 3.1.0 before version 3.1.1 allows remote attackers to redirect users to a different website which they may use as part of performing a phishing attack via an open redirect.

 
2019-03-28
Medium
CVE-2019-10255

An Open Redirect vulnerability for all browsers in Jupyter Notebook before 5.7.7 and some browsers (Chrome, Firefox) in JupyterHub before 0.9.5 allows crafted links to the login page, which will redirect to a malicious site after successful login. Servers running on a base_url prefix are not affected.

 
2019-03-26
Medium
CVE-2019-3850

Vendor: Moodle
Software: Moodle
 

 
A vulnerability was found in moodle before versions 3.6.3, 3.5.5, 3.4.8 and 3.1.17. Links within assignment submission comments would open directly (in the same window). Although links themselves may be valid, opening within the same window and without the no-referrer header policy made them more susceptible to exploits.

 
2019-03-21
Medium
CVE-2019-9915

Vendor: Get-simple.
Software: Getsimplecms
 

 
GetSimpleCMS 3.3.13 has an Open Redirect via the admin/index.php redirect parameter.

 
Medium
CVE-2019-9837

Doorkeeper::OpenidConnect (aka the OpenID Connect extension for Doorkeeper) 1.4.x and 1.5.x before 1.5.4 has an open redirect via the redirect_uri field in an OAuth authorization request (that results in an error response) with the 'openid' scope and a prompt=none value. This allows phishing attacks against the authorization flow.

 
2019-03-07
Medium
CVE-2018-17422

Vendor: Dotcms
Software: Dotcms
 

 
dotCMS before 5.0.2 has open redirects via the html/common/forward_js.jsp FORWARD_URL parameter or the html/portlet/ext/common/page_preview_popup.jsp hostname parameter.

 
Medium
CVE-2019-3778

Vendor: Pivotal software
Software: Spring secur...
 

 
Spring Security OAuth, versions 2.3 prior to 2.3.5, and 2.2 prior to 2.2.4, and 2.1 prior to 2.1.4, and 2.0 prior to 2.0.17, and older unsupported versions could be susceptible to an open redirector attack that can leak an authorization code. A malicious user or attacker can craft a request to the authorization endpoint using the authorization code grant type, and specify a manipulated redirection URI via the "redirect_uri" parameter. This can cause the authorization server to redirect the resource owner user-agent to a URI under the control of the attacker with the leaked authorization code. This vulnerability exposes applications that meet all of the following requirements: Act in the role of an Authorization Server (e.g. @EnableAuthorizationServer) and uses the DefaultRedirectResolver in the AuthorizationEndpoint. This vulnerability does not expose applications that: Act in the role of an Authorization Server and uses a different RedirectResolver implementation other than DefaultRedirectResolver, act in the role of a Resource Server only (e.g. @EnableResourceServer), act in the role of a Client only (e.g. @EnableOAuthClient).

 

 


Copyright 2019, cxsecurity.com
