CWE:
 

| Risk | Topic | Date | Author |
|---|---|---|---|
| Low | F-Secure Radar Open Redirect | 17.02.2018 | Oscar Hjelm |
| Low | Oracle E-Business Suite 12.1.3 / 12.2.x Open Redirect | 16.01.2018 | author |
| Low | WordPress MQ ReLinks 1.8 XSS / Open Redirection | 11.01.2018 | Ricardo Sanchez |
| Low | WordPress Feed-Statistics 4.1 Open Redirect | 22.12.2017 | Mostafa Gharzi |
| Low | OpenText Documentum Administrator / Webtop Open Redirection | 27.09.2017 | Jakub Palaczynski |
| Med. | Progress Sitefinity 9.1 XSS / Session Management / Open Redirect | 23.08.2017 | SEC Consult |
| Med. | Ubiquiti Networks Open Redirect | 25.07.2017 | T.Weber |
| Low | DoorGets CMS 7.0 Open Redirect | 04.07.2017 | Rudra Sarkar |
| Med. | Drupal Public Download Count Module - Open Redirect | 08.06.2017 | Snooper |
| Med. | CMS Made Simple Babel Module 0.3.3 Open Redirect / Content Forgery | 03.05.2017 | MLT |
| Low | Amazon Simple Storage Service (S3) - Open Redirect Vulnerability | 29.03.2017 | Zero Security Group |
| Low | Instagram - Open Redirect Vulnerability | 08.02.2017 | S3Ni0R.M0T3Z4D |
| Low | LogicBoard CMS 3.0 / 4.0 / 4.1 Open Redirect | 02.02.2017 | n0ipr0cs |
| Med. | MailStore 10.0.1 Cross Site Scripting / Open Redirect | 02.02.2017 | Tobias Glemser |
| Low | Sarzamin Download - Open Redirect Vulnerability | 20.01.2017 | Blackwolf_Iran |
| Low | D-Link DIR-615 Open Redirection / Cross Site Scripting | 14.01.2017 | Osanda Malith Jayathis... |
| Low | Peplink NGxxx/LCxxx VPN-Firewall Open Redirect | 30.11.2016 | Gjoko 'LiquidWorm' Krs... |
| Med. | Lepton 2.2.2 Stable CSRF / Open Redirect / Password Handling | 19.11.2016 | Tim Coen |
| Med. | Jaws 1.1.1 Open Redirect / Object Injection / Cookie Flags | 19.11.2016 | Tim Coen |
| Low | Verint Impact 360 11.1 Open Redirect | 11.11.2016 | Sanehdeep Singh |
| Low | Puppet Enterprise Web Interface Open Redirect | 23.10.2016 | hyp3rlinx |
| Med. | Nagios XI 5.2.9 Cross Site Scripting / Open Redirect | 21.10.2016 | hyp3rlinx |
| Med. | Plone CMS 4.3.11 / 5.0.6 XSS / Traversal / Open Redirection | 13.10.2016 | S3ba |
| Low | Facebook API v2.1 - RFC6749 Open Redirect Vulnerability | 11.10.2016 | Vulnerability Lab |
| Low | u5 CMS 5.1.4 Open Redirect | 27.09.2016 | indoushka |
| Low | Coupon CMS 5.00 Open Redirect | 20.09.2016 | indoushka |
| Low | ECShop 2.7.2 Open Redirect | 20.09.2016 | indoushka |
| Med. | ASUS RT-N10 Multiple Vulnerabilities | 15.09.2016 | MustLive |
| Low | Symantec Endpoint Protection 12.1 CSRF / XSS / Open Redirect | 30.06.2016 | hyp3rlinx |
| Low | JobScript Open Redirection Vulnerability | 23.05.2016 | Bikramaditya Guha aka ... |
| Low | Oracle Discoverer Viewer BI Open Redirect | 28.04.2016 | Vulnerability Lab |
| Low | Fireware XTM Web UI Open Redirect | 31.03.2016 | Manuel Mancera |
| Low | Fortinet FortiOS Open Redirect / Cross Site Scripting | 22.03.2016 | Javier Nieto |
| Low | perfact::mpa Open Redirect | 02.03.2016 | Matthias Deeg and Sven... |
| Low | Adobe Cross Site Scripting / Open Redirect | 19.02.2016 | Vulnerability Lab |
| Low | Prezi Cross Site Scripting / Open Redirect | 19.02.2016 | Vulnerability Lab |
| Med. | WordPress 4.4.2 SSRF and open redirect vulnerability | 09.02.2016 | Multiple |
| Low | Wordpress clikstats plugin Open Redirect | 08.02.2016 | Ashiyane Digital Secur... |
| Low | Wordpress Newsletter Pro Plugin Open Redirect | 08.02.2016 | Ashiyane Digital Secur... |
| Low | Revive Adserver 3.2.2 Open Redirect | 26.01.2016 | Ashiyane Digital Secur... |
| Low | Church Edit Open Redirect | 24.01.2016 | Ashiyane Digital Secur... |
| Low | WordPress Extredj Open Redirection | 20.01.2016 | KnocKout |
| Low | WordPress No External Links 2.6.3 / 2.7.1 Open Redirect | 14.01.2016 | Ashiyane Digital Secur... |
| Low | WordPress JS External Link Info 1.21 Open Redirect | 12.01.2016 | Ashiyane Digital Secur... |
| Low | PhpSocial 2.0.0304_20222226 Cross Site Scripting / Open Redirect | 26.12.2015 | Tim Coen |
| Med. | CouchCMS 1.4.5 Cross Site Scripting / Open Redirect | 25.12.2015 | Tim Coen |
| Med. | Tweet Nest 0.8 Open Redirect | 18.12.2015 | indoushka |
| Low | Wordpress Begin Themes Open Redirect Vulnerability | 17.12.2015 | FullSecurity |
| Low | PageFlex CMS 1.1.2 Open Redirect | 09.12.2015 | indoushka |
| Med. | ASUS RT-N15U Code Execution / XSS / Open Redirect | 04.12.2015 | MustLive |
| Low | Banner Student XSS / Information Disclosure / Open Redirect | 04.12.2015 | RiskSense |
| Low | Elefant CMS Open Redirect | 10.11.2015 | Ashiyane Digital Secur... |
| Med. | actiTIME 2015.2 Multiple Vulnerabilities | 01.11.2015 | Gjoko 'LiquidWorm' Krs... |
| Low | Google Open Redirect | 16.10.2015 | Vicente Aguilera Diaz, |
| Low | Kentico CMS 8.2 Cross Site Scripting / Open Redirect | 16.10.2015 | KINGSABRI |
| Low | PayPal URL Redirect Web Vulnerability | 12.10.2015 | Vulnerability Lab |
| Low | Anchor CMS 0.9.2 Cross Site Scripting / Open Redirect | 18.09.2015 | Tim Coen |
| Low | Phorum 5.2.19 Cross Site Scripting / Open Redirect | 19.08.2015 | Tim Coen |
| Low | OpenX - Revive Oped Redirect Vulnerability | 15.08.2015 | R3NW4 |
| Low | Frog CMS 0.9.5 Open Redirect | 11.08.2015 | Arash Khazaei |
| Low | GetSimple CMS 3.3.5 Open Redirect | 11.08.2015 | Arash Khazaei |
| Med. | WolfCMS Open Redirect Vulnerability | 10.08.2015 | Arash Khazaei |
| Low | WordPress Music Store 1.0.14 Open Redirect | 28.07.2015 | Nitin Venkatesh |
| Low | Seditio CMS 1.7.1 Open Redirect | 28.07.2015 | Arash Khazaei |
| Low | Oracle E-Business Suite Open Redirection | 18.07.2015 | Owais Mohammad Khan |
| Low | Kaseya Virtual System Administrator File Download / Open Redirect | 15.07.2015 | Pedro Ribeiro |
| Med. | Bonita BPM 6.5.1 Directory Traversal / Open Redirect | 10.06.2015 | High-Tech Bridge Secur... |
| Low | SilverStripe CMS 3.1.13 XSS / Open Redirect | 10.06.2015 | John Page |
| Low | Vevocart 6.1.0 Open Redirect | 31.05.2015 | provensec |
| Low | SolarWinds Network Performance Monitor Open Redirect | 23.05.2015 | Provensec |
| Low | phpBB 3.0.13 Open Redirect under chrome | 12.05.2015 | bantu |
| Low | Opoint Media Intelligence Open Redirect | 17.04.2015 | Wang Jing |
| Low | Qlik Open Redirect | 08.04.2015 | provensec |
| Med. | Ericsson Drutt MSDP (3PI Manager) Open Redirect | 01.04.2015 | Anastasios Monachos (s... |
| Low | Innovative WebPAC Pro 2.0 Open Redirect | 17.03.2015 | Wang Jing |
| Low | WordPress Newsletter 2.6.x / 2.5.x Open Redirect | 05.03.2015 | Wang Jing |
| Low | u5CMS 3.9.3 Multiple Open Redirect Vulnerabilities | 10.02.2015 | Gjoko 'LiquidWorm' Krs... |
| Med. | Mantis BugTracker 1.2.19 Open Redirect | 29.01.2015 | Alejo Popovici |
| Med. | Alibaba Cross Site Scripting / Open Redirect | 23.01.2015 | Wang Jing |
| Low | Tapatalk Open Redirect | 20.01.2015 | nhoya |
| Low | WoltLab Burning Board 4.0 Tapatalk Open Redirect | 14.01.2015 | RedTeam |
| Low | AdaptCMS 3.0.3 HTTP Referer Header Field Open Redirect Vulnerability | 06.01.2015 | Gjoko 'LiquidWorm' Krs... |
| Med. | CNN Cross Site Scripting / Open Redirect | 30.12.2014 | Wang Jing |
| Med. | MantisBT 1.2.17 URL redirection issue | 14.12.2014 | P Richards |
| Low | WordPress Ad-Manager 1.1.2 Open Redirect | 01.12.2014 | Wang Jing |
| Low | Booking.com Open Redirect | 22.11.2014 | Sergio Giucastro |
| Med. | Zenario CMS 7.0.2d Cross Site Scripting / Open Redirect | 21.11.2014 | Gjoko 'LiquidWorm' Krs... |
| Med. | Snowfox CMS 1.0 Open Redirect | 19.11.2014 | Gjoko 'LiquidWorm' Krs... |
| Low | Google DoubleClick Open Redirect | 15.11.2014 | Wang Jing |
| Low | Eleanor CMS Open Redirect | 13.11.2014 | Renzi |
| Low | vBulletin 4.2.1 Open Redirect | 05.11.2014 | Renzi |
| Low | Newtelligence dasBlog 2.3 Open Redirect | 21.10.2014 | Wang Jing |
| Med. | Newtelligence dasBlog Open Redirect Vulnerability | 20.10.2014 | Wang Jing |
| Low | OpenX 2.8.10 Open Redirect | 17.10.2014 | Wang Jing |
| Med. | Pagekit 0.8.7 Cross Site Scripting / Open Redirect | 14.10.2014 | Mahendra |
| Low | Samsung.com Open Redirect | 14.10.2014 | Claudio Viviani |
| Low | Blackberry.com Open Redirect | 14.10.2014 | Claudio Viviani |
| Low | Netgear Download Center Cross Site Scripting / Open Redirect | 19.09.2014 | Claudio Viviani |
| Med. | Cart Engine 3.0 XSS / Open Redirect / SQL Injection | 17.09.2014 | Pietro Minniti |
| Low | Impress CMS 1.3.7 Open Redirect | 05.09.2014 | JoeV |


CVEMAP Search Results

CVE
Details
Description
2018-02-02
Medium
CVE-2016-0329

Vendor: IBM
Software: Emptoris sou...
 

 
Open redirect vulnerability in IBM Emptoris Sourcing 10.0.0.x before 10.0.0.1_iFix3, 10.0.1.x before 10.0.1.3_iFix3, 10.0.2.x before 10.0.2.8_iFix1, 10.0.4.0 before 10.0.4.0_iFix8, and 10.1.0.0 before 10.1.0.0_iFix3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. IBM X-Force ID: 111692.

 
2018-02-01
Medium
CVE-2018-6520

 

 
SimpleSAMLphp before 1.15.2 allows remote attackers to bypass an open redirect protection mechanism via crafted authority data in a URL.

 
2018-01-26
Medium
CVE-2017-2166

Vendor: Groupsession
Software: Groupsession
 

 
Open redirect vulnerability in GroupSession version 4.7.0 and earlier allows an attacker to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.

 
2018-01-24
Medium
CVE-2018-6200

Vendor: Vbulletin
Software: Vbulletin
 

 
vBulletin 3.x.x and 4.2.x through 4.2.5 has an open redirect via the redirector.php url parameter.

 
2018-01-18
Medium
CVE-2018-0097

Vendor: Cisco
Software: Prime infras...
 

 
A vulnerability in the web interface of Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to redirect a user to a malicious web page, aka an Open Redirect. The vulnerability is due to improper input validation of the parameters in the HTTP request. An attacker could exploit this vulnerability by crafting an HTTP request that could cause the web application to redirect the request to a specific malicious URL. This vulnerability is known as an open redirect attack and is used in phishing attacks to get users to visit malicious sites without their knowledge. Cisco Bug IDs: CSCve37646.

 
2018-01-10
Medium
CVE-2017-1534

Vendor: IBM
Software: Security acc...
 

 
IBM Security Access Manager Appliance 8.0.0 and 9.0.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 130676.

 
2018-01-09
Medium
CVE-2017-1668

Vendor: IBM
Software: Security key...
 

 
IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 133562.

 
2018-01-03
Medium
CVE-2017-1000484

Vendor: Plone
Software: Plone
 

 
By linking to a specific url in Plone 2.5-5.1rc1 with a parameter, an attacker could send you to his own website. On its own this is not so bad: the attacker could more easily link directly to his own website instead. But in combination with another attack, you could be sent to the Plone login form and login, then get redirected to the specific url, and then get a second redirect to the attacker website. (The specific url can be seen by inspecting the hotfix code, but we don't want to make it too easy for attackers by spelling it out here.)

 
Medium
CVE-2017-1000481

Vendor: Plone
Software: Plone
 

 
When you visit a page where you need to login, Plone 2.5-5.1rc1 sends you to the login form with a 'came_from' parameter set to the previous url. After you login, you get redirected to the page you tried to view before. An attacker might try to abuse this by letting you click on a specially crafted link. You would login, and get redirected to the site of the attacker, letting you think that you are still on the original Plone site. Or some javascript of the attacker could be executed. Most of these types of attacks are already blocked by Plone, using the `isURLInPortal` check to make sure we only redirect to a page on the same Plone site. But a few more ways of tricking Plone into accepting a malicious link were discovered, and fixed with this hotfix.

 
2018-01-02
Medium
CVE-2017-1000434

Vendor: Furikake project
Software: Furikake
 

 
WordPress plugin Furikake version 0.1.0 is vulnerable to an open redirect. The furikake-redirect parameter on a page allows for a redirect to an attacker-controlled page. classes/Furigana.php: `header('location:'.urldecode($_GET['furikake-redirect']));`

 

 


Copyright 2018, cxsecurity.com

 
