CWE:
 

| Risk | Topic | Date | Author |
|---|---|---|---|
| Low | Twitter Analytics Open Redirect | 09.10.2020 | asheesh anaconda |
| Low | Verint Impact 360 15.1 Open Redirect | 16.07.2020 | Ryan Delaney |
| Low | Android o2 Business 1.2.0 Open Redirect | 05.07.2020 | Julien Ahrens |
| Low | WordPress Weekender Newspaper Themes 9.0 Open Redirection | 18.04.2020 | KingSkrupellos |
| Low | WordPress Attitude Themes 1.1.1 Open Redirection | 30.03.2020 | KingSkrupellos |
| Low | WordPress Eatery Restaurant Themes 2.2 Open Redirection | 30.03.2020 | KingSkrupellos |
| Low | WordPress justnews-child Themes 1.0 Open Redirection | 30.03.2020 | KingSkrupellos |
| Low | WordPress Nashvilleparent Themes 1.10 Open Redirection | 30.03.2020 | KingSkrupellos |
| Low | WordPress Grimag Themes 1.2.5 Open Redirection | 24.03.2020 | KingSkrupellos |
| Low | WordPress Wmyx2.0 Themes 2.0 Open Redirection | 24.03.2020 | KingSkrupellos |
| Low | WordPress ProStore Themes 1.1.2 Open Redirection | 24.03.2020 | KingSkrupellos |
| Low | WordPress Eurielle Themes 0.1.0 Open Redirection | 24.03.2020 | KingSkrupellos |
| Low | WordPress Upward Themes 1.5 Open Redirection | 24.03.2020 | KingSkrupellos |
| Low | Yandex Search Engine Open Redirection | 22.03.2020 | KingSkrupellos |
| Low | WordPress WPTouch Switch Desktop 3.x Open Redirection | 22.03.2020 | KingSkrupellos |
| Low | Koha GreenStone Library 3.x Open Redirection | 22.03.2020 | KingSkrupellos |
| Med. | Daktilo News Software 1.9 Open Redirection | 22.03.2020 | KingSkrupellos |
| Med. | Revive Adserver 5.0.4 Security Bypass / Open Redirect | 14.03.2020 | Matteo Beccati |
| Med. | HomeAutomation 3.3.2 Open Redirect | 31.12.2019 | LiquidWorm |
| Low | Apache Httpd mod_rewrite Open Redirects | 21.11.2019 | Anonymous |
| Low | Optergy Proton/Enterprise BMS 2.3.0a Open Redirect | 13.11.2019 | LiquidWorm |
| Low | ParantezTeknoloji Library Software 16.0519000 Open Redirection | 05.10.2019 | KingSkrupellos |
| Low | Desarollo por Ezink Gds-Web Open Redirection Vulnerability | 04.10.2019 | KingSkrupellos |
| Low | Devinim Library Software 19.0504000 Open Redirection Vulnerability | 04.10.2019 | KingSkrupellos |
| Low | ParantezTeknoloji Library Software 16.0519000 Open Redirection Vulnerability | 04.10.2019 | KingSkrupellos |
| Low | Mediasation Wliinc26 Open Redirection | 20.08.2019 | KingSkrupellos |
| Low | Zurmo 3.2.6 Open Redirection | 28.07.2019 | Daniel Bishtawi |
| Med. | Paypal app Link Open Redirection | 09.07.2019 | Iran Cyber Security Gr... |
| Med. | Koha Library Software 18.1106000 Tracklinks Open Redirection | 20.06.2019 | KingSkrupellos |
| Low | Spring Security OAuth 2.3 Open Redirection | 19.06.2019 | Riemann |
| Med. | WordPress 5.2.1 Antena_Ri Institute Themes 2.0 Open Redirection | 10.06.2019 | KingSkrupellos |
| Low | CMSMadeSimple Software Babel Modules 1.9.4.2 Open Redirection | 03.06.2019 | KingSkrupellos |
| Low | WordPress WPAds Plugins 1.0 Open Redirection | 29.05.2019 | KingSkrupellos |
| Low | WordPress 4.8 Nya-Comment-DoFollow Plugins 1.0 Open Redirection | 29.05.2019 | KingSkrupellos |
| Low | WordPress 5.1.1 jilijilibegin Themes LTS 4.6 Open Redirection | 28.05.2019 | KingSkrupellos |
| Low | WordPress 4.9.x Jingke Themes 1.0 Open Redirection | 28.05.2019 | KingSkrupellos |
| Low | WordPress 4.9.10 Xunjin Themes 4.6 Open Redirection | 28.05.2019 | KingSkrupellos |
| Low | WordPress 4.8.9 Tigin Themes 1.0.5 Open Redirection | 28.05.2019 | KingSkrupellos |
| Low | WordPress 5.2.1 Divi-Child Themes 1.0 Open Redirection | 28.05.2019 | KingSkrupellos |
| Med. | WordPress 4.9.10 4DMayi Themes 4.6 Open Redirection | 25.05.2019 | KingSkrupellos |
| Med. | WordPress 5.2.1 DingTalk Themes LTS 4.6 Open Redirection | 25.05.2019 | KingSkrupellos |
| Med. | WordPress 4.9.8 LaneMotorSport Responsive Themes 1.8.4 Open Redirection | 25.05.2019 | KingSkrupellos |
| Med. | WordPress 4.6.14 lqcPlugin-regiePublicites Plugins 1.0 Open Redirection | 25.05.2019 | KingSkrupellos |
| Low | Irish News TheJournal Open Redirection | 23.05.2019 | KingSkrupellos |
| Med. | WordPress 4.6.12 PHPL Plugins 1.0 Open Redirection | 23.05.2019 | KingSkrupellos |
| Low | WordPress 5.2.1 Dankov Planer Themes 1.1.2 Open Redirection | 23.05.2019 | KingSkrupellos |
| Low | WordPress 4.9.10 Aliyun Themes 5.2 Open Redirection | 23.05.2019 | KingSkrupellos |
| Low | WordPress 4.4.18 Ad-Manager Plugins 1.1.2 Open Redirection | 23.05.2019 | KingSkrupellos |
| Low | WordPress 4.9.10 Chrome-Extensions Themes 1.0 Open Redirection | 23.05.2019 | KingSkrupellos |
| Med. | Xoops Wordpress Modules WP-Ktai 0.5.0 Japan Open Redirection | 20.05.2019 | KingSkrupellos |
| Med. | Revive Adserver Deserialization / Open Redirect | 02.05.2019 | Matteo Beccati |
| Low | Masch CMStudio Banners 8.6.1 Open Redirection | 29.03.2019 | KingSkrupellos |
| Low | WordPress 4.9.10 ButterKekse Plugins Open Redirection | 29.03.2019 | KingSkrupellos |
| Low | WordPress 4.9.2 WordPress-Feed-Statistics Plugins 4.1 Open Redirection | 29.03.2019 | KingSkrupellos |
| Low | WordPress 4.8 Ait-ThemesClub TemplatePreview 1.8.1 RFI Open Redirection | 28.03.2019 | KingSkrupellos |
| Low | HollandPlaza TexelseMedia AdvertisementsCounter Plugins Open Redirection | 28.03.2019 | KingSkrupellos |
| Low | Masch CMStudio Banners Modules 8.6.1 Open Redirection | 28.03.2019 | KingSkrupellos |
| Low | WordPress 4.6.1 WireFunnel Plugins Open Redirection | 28.03.2019 | KingSkrupellos |
| Med. | WordPress 5.1.1 WPBounce AND-AntiBounce Plugins 1.0.3 Open Redirection | 27.03.2019 | KingSkrupellos |
| Low | Wordpress 5.0.4 begin Themes Open Redirection | 26.03.2019 | L4663r666h05t |
| Low | AlumniMagnet Open Redirection | 26.03.2019 | KingSkrupellos |
| Low | Progetti di Impresa SRL ItalyGov Open Redirection | 26.03.2019 | KingSkrupellos |
| Low | WordPress 3.4.2 The-CL-Amazon-Thingy Plugins 1.0 Open Redirection | 23.03.2019 | KingSkrupellos |
| Med. | WordPress 5.0.4 Age-Verification Plugins 0.5 Open Redirection | 21.03.2019 | KingSkrupellos |
| Low | WordPress 5.0.4 Zangai Themes Open Redirection | 18.03.2019 | KingSkrupellos |
| Low | WordPress 4.9.x BigChrome Themes Open Redirection | 18.03.2019 | KingSkrupellos |
| Low | WordPress 5.0.4 2018110612035976 Themes Open Redirection | 18.03.2019 | KingSkrupellos |
| Low | WordPress 5.1.1 Wopus Themes Open Redirection | 18.03.2019 | KingSkrupellos |
| Low | WordPress 4.9.10 İfxPro.Cn Themes Open Redirection | 18.03.2019 | KingSkrupellos |
| Low | WordPress 4.9.3 itiis Themes Open Redirection | 18.03.2019 | KingSkrupellos |
| Low | WordPress 4.9.x Wngzs Themes Open Redirection | 18.03.2019 | KingSkrupellos |
| Low | WordPress 4.9.x Concise Themes Open Redirection | 18.03.2019 | KingSkrupellos |
| Low | WordPress 4.9.x UsaMusic-PC Themes Open Redirection | 18.03.2019 | KingSkrupellos |
| Low | WordPress Aibbt Themes Open Redirection | 12.03.2019 | KingSkrupellos |
| Low | WordPress Deep Themes Open Redirection | 12.03.2019 | KingSkrupellos |
| Low | WordPress 2kqq Themes Open Redirection | 12.03.2019 | KingSkrupellos |
| Low | WordPress Azzxx Themes Open Redirection | 12.03.2019 | KingSkrupellos |
| Med. | OpenCart Price Comparison Store Modules 3.x Open Redirection | 11.03.2019 | KingSkrupellos |
| Med. | VanillaForums 2.x Open Redirection | 11.03.2019 | KingSkrupellos |
| Low | Babel 0.4.1 Open Redirection | 07.03.2019 | Jan Kopriva |
| Low | MeteoTemplate 17.1 Nectarine Diary Plugins 4.0 Open Redirection | 07.03.2019 | KingSkrupellos |
| Low | MeteoTemplate 17.1 Nectarine globalSnow Plugins 1.1 Open Redirection | 07.03.2019 | KingSkrupellos |
| Low | Meteotemplate 17.1 Nectarine indoorData Plugins 4.0 Open Redirection | 07.03.2019 | KingSkrupellos |
| Low | vBulletin 4.2.5 Ajax Threads 1.1.3 Lite Open Redirection | 04.03.2019 | KingSkrupellos |
| Low | vBulletin 4.2.5 Thread Post Bookmarking 1.2.0 Open Redirection | 04.03.2019 | KingSkrupellos |
| Low | vBulletin 4.2.5 vBSuper_PM 1.2.3 Lite Open Redirection | 04.03.2019 | KingSkrupellos |
| Low | vBulletin 4.x Seo by vBSeo 3.3.2 Open Redirection | 04.03.2019 | KingSkrupellos |
| Low | vBulletin 4.2.5 Member Map 1.1.2 Lite Open Redirection | 04.03.2019 | KingSkrupellos |
| Med. | MeteoTemplate 17.1 Nectarine Deviations Plugins 2.0 Open Redirection | 03.03.2019 | KingSkrupellos |
| Low | SMF 2.0.15 SMF4Mobile 1.1.5/1.2 SMF-Media Open Redirection | 02.03.2019 | KingSkrupellos |
| Low | XenForo 1.5.x Advanced Application Forms 1.2.2 Open Redirection | 02.03.2019 | KingSkrupellos |
| Low | XenForo 1.5.x XF-Russia Open Redirection | 02.03.2019 | KingSkrupellos |
| Low | vBulletin 3.8.x vBadvanced CMPS v3.2.3 Open Redirection | 01.03.2019 | KingSkrupellos |
| Med. | vBulletin 3.8.4 Zoints SEO 2.3.2 Computer-Logic Open Redirection | 01.03.2019 | KingSkrupellos |
| Low | vBulletin 4.2.5 vBSEO 3.6.1 Open Redirection | 28.02.2019 | KingSkrupellos |
| Low | vBulletin 4.x.x DragonByte SEO v2.0.31 Pro Open Redirection | 28.02.2019 | KingSkrupellos |
| Med. | MeteoTemplate 17.1 Nectarine windDirection Plugins 2.2 Open Redirection | 27.02.2019 | KingSkrupellos |
| Low | MeteoTemplate 17.1 Nectarine Deviations Open Redirection | 26.02.2019 | KingSkrupellos |
| Low | AsureSoftware AsureForce Time Version 12.0 Open Redirection | 26.02.2019 | KingSkrupellos |
| Med. | MeteoTemplate 17.1 Nectarine stationExtremes Plugins 2.0 Open Redirection | 26.02.2019 | KingSkrupellos |


CVEMAP Search Results

CVE
Details
Description
2020-11-18
Waiting for details
CVE-2020-26215

Jupyter Notebook before version 6.1.5 has an Open redirect vulnerability. A maliciously crafted link to a notebook server could redirect the browser to a different website. All notebook servers are technically affected, however, these maliciously crafted links can only be reasonably made for known notebook server hosts. A link to your notebook server may appear safe, but ultimately redirect to a spoofed server on the public internet. The issue is patched in version 6.1.5.

 
2020-11-11
Medium
CVE-2020-26219

Vendor: Touchbase.ai project
Software: Touchbase.ai
 

 
touchbase.ai before version 2.0 is vulnerable to Open Redirect. Impacts can be many, and vary from theft of information and credentials to redirection to malicious websites containing attacker-controlled content, which in some cases can even cause XSS attacks. So even though an open redirection might sound harmless at first, its impact can be severe should it be exploitable. The issue is fixed in version 2.0.

 
2020-10-26
Medium
CVE-2020-26161

Vendor: Octopus
Software: Octopus deploy
 

 
In Octopus Deploy through 2020.4.2, an attacker could redirect users to an external site via a modified HTTP Host header.

 
2020-10-21
Medium
CVE-2020-3558

Vendor: Cisco
Software: Firepower ma...
 

 
A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. The vulnerability is due to improper input validation of the parameters of an HTTP request. An attacker could exploit this vulnerability by intercepting an HTTP request from a user. A successful exploit could allow the attacker to modify the HTTP request to cause the interface to redirect the user to a specific, malicious URL. This type of vulnerability is known as an open redirect attack and is used in phishing attacks that get users to unknowingly visit malicious sites.

 
2020-10-15
Medium
CVE-2020-6365

Vendor: SAP
Software: Netweaver
 

 
SAP NetWeaver AS Java, versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, Start Page allows an unauthenticated remote attacker to redirect users to a malicious site due to insufficient reverse tabnabbing URL validation. The attacker could execute phishing attacks to steal credentials of the victim or to redirect users to untrusted web pages containing malware or similar malicious exploits.

 
2020-10-08
Waiting for details
CVE-2020-15242

Next.js versions >=9.5.0 and <9.5.4 are vulnerable to an Open Redirect. Specially encoded paths could be used with the trailing slash redirect to allow an open redirect to occur to an external site. In general, this redirect does not directly harm users, although it can allow for phishing attacks by redirecting to an attacker's domain from a trusted domain. The issue is fixed in version 9.5.4.

 
Waiting for details
CVE-2020-15241

TYPO3 Fluid Engine (package `typo3fluid/fluid`) before versions 2.0.5, 2.1.4, 2.2.1, 2.3.5, 2.4.1, 2.5.5 or 2.6.1 is vulnerable to cross-site scripting when making use of the ternary conditional operator in templates like `{showFullName ? fullName : defaultValue}`. Updated versions of this package are bundled in following TYPO3 (`typo3/cms-core`) versions as well: TYPO3 v8.7.25 (using `typo3fluid/fluid` v2.5.4) and TYPO3 v9.5.6 (using `typo3fluid/fluid` v2.6.1).

 
2020-10-02
Waiting for details
CVE-2020-15234

ORY Fosite is a security first OAuth2 & OpenID Connect framework for Go. In Fosite before version 0.34.1, the OAuth 2.0 Client's registered redirect URLs and the redirect URL provided at the OAuth2 Authorization Endpoint were compared using strings.ToLower while they should have been compared with a simple string match. This allows an attacker to register a client with allowed redirect URL https://example.com/callback, then perform an OAuth2 flow requesting redirect URL https://example.com/CALLBACK. Instead of an error (invalid redirect URL), the browser is redirected to https://example.com/CALLBACK with a potentially successful OAuth2 response, depending on the state of the overall OAuth2 flow (the user might still deny the request, for example). This vulnerability has been patched in ORY Fosite v0.34.1.

 
Waiting for details
CVE-2020-15233

ORY Fosite is a security first OAuth2 & OpenID Connect framework for Go. In Fosite from version 0.30.2 and before version 0.34.1, there is an issue in which an attacker can override the registered redirect URL by performing an OAuth flow and requesting a redirect URL that is to the loopback adapter. Attackers can provide both custom URL query parameters to their loopback redirect URL, as well as actually overriding the host of the registered redirect URL. These attacks are only applicable in scenarios where the attacker has access over the loopback interface. This vulnerability has been patched in ORY Fosite v0.34.1.

 
2020-10-01
Medium
CVE-2020-15677

Vendor: Mozilla
Software: Firefox
 

 
By exploiting an Open Redirect vulnerability on a website, an attacker could have spoofed the site displayed in the download file dialog to show the original site (the one suffering from the open redirect) rather than the site the file was actually downloaded from. This vulnerability affects Firefox < 81, Thunderbird < 78.3, and Firefox ESR < 78.3.

 

 


Copyright 2020, cxsecurity.com

 
