Total
1050 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-1010290 | 1 Cmsmadesimple | 1 Bable\ | 2024-08-05 | N/A |
| Babel: Multilingual site Babel All is affected by: Open Redirection. The impact is: Redirection to any URL, which is supplied to redirect.php in a "newurl" parameter. The component is: redirect.php. The attack vector is: The victim must open a link created by an attacker. Attacker may use any legitimate site using Babel to redirect user to a URL of his/her choosing. | ||||
| CVE-2019-20479 | 5 Debian, Fedoraproject, Openidc and 2 more | 5 Debian Linux, Fedora, Mod Auth Openidc and 2 more | 2024-08-05 | 6.1 Medium |
| A flaw was found in mod_auth_openidc before version 2.4.1. An open redirect issue exists in URLs with a slash and backslash at the beginning. | ||||
| CVE-2019-20225 | 1 Mybb | 1 Mybb | 2024-08-05 | 6.1 Medium |
| MyBB before 1.8.22 allows an open redirect on login. | ||||
| CVE-2019-19775 | 1 Zulip | 1 Zulip Server | 2024-08-05 | 6.1 Medium |
| The image thumbnailing handler in Zulip Server versions 1.9.0 to before 2.0.8 allowed an open redirect that was visible to logged-in users. | ||||
| CVE-2019-19703 | 1 Jetbrains | 1 Ktor | 2024-08-05 | 6.1 Medium |
| In Ktor through 1.2.6, the client resends data from the HTTP Authorization header to a redirect location. | ||||
| CVE-2019-19709 | 2 Debian, Mediawiki | 2 Debian Linux, Mediawiki | 2024-08-05 | 6.1 Medium |
| MediaWiki through 1.33.1 allows attackers to bypass the Title_blacklist protection mechanism by starting with an arbitrary title, establishing a non-resolvable redirect for the associated page, and using redirect=1 in the action API when editing that page. | ||||
| CVE-2019-19613 | 1 Halvotec | 1 Raquest | 2024-08-05 | 5.2 Medium |
| An issue was discovered in Halvotec RaQuest 10.23.10801.0. The login page of the admin application is vulnerable to an Open Redirect attack allowing an attacker to redirect a user to a malicious site after authentication. The attacker needs to be on the same network to modify the victim's request on the wire. Fixed in Release 24.2020.20608.0 | ||||
| CVE-2019-19484 | 1 Centreon | 1 Centreon | 2024-08-05 | 6.1 Medium |
| Open redirect via parameter āpā in login.php in Centreon (19.04.4 and below) allows an attacker to craft a payload and execute unintended behavior. | ||||
| CVE-2019-18815 | 1 Popojicms | 1 Popojicms | 2024-08-05 | 6.1 Medium |
| PopojiCMS 2.0.1 allows refer= Open Redirection. | ||||
| CVE-2019-18781 | 1 Zohocorp | 1 Manageengine Adselfservice Plus | 2024-08-05 | 6.1 Medium |
| An open redirect vulnerability was discovered in Zoho ManageEngine ADSelfService Plus 5.x before 5809 that allows attackers to force users who click on a crafted link to be sent to a specified external site. | ||||
| CVE-2019-18451 | 1 Gitlab | 1 Gitlab | 2024-08-05 | 6.1 Medium |
| An issue was discovered in GitLab Community and Enterprise Edition 10.7.4 through 12.4 in the InternalRedirect filtering feature. It has an Open Redirect. | ||||
| CVE-2019-17151 | 1 Tencent | 1 Wechat | 2024-08-05 | 5.4 Medium |
| This vulnerability allows remote attackers redirect users to an external resource on affected installations of Tencent WeChat Prior to 7.0.9. User interaction is required to exploit this vulnerability in that the target must be within a chat session together with the attacker. The specific flaw exists within the parsing of a users profile. The issue lies in the failure to properly validate a users name. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-9302. | ||||
| CVE-2019-16393 | 3 Canonical, Debian, Spip | 3 Ubuntu Linux, Debian Linux, Spip | 2024-08-05 | 6.1 Medium |
| SPIP before 3.1.11 and 3.2 before 3.2.5 mishandles redirect URLs in ecrire/inc/headers.php with a %0D, %0A, or %20 character. | ||||
| CVE-2019-15818 | 1 Webcraftic | 1 Simple 301 Redirects | 2024-08-05 | N/A |
| The simple-301-redirects-addon-bulk-uploader plugin through 1.2.4 for WordPress has no requirement for authentication for action=bulk301export or action=bulk301clearlist. | ||||
| CVE-2019-15820 | 1 Login Or Logout Menu Item Project | 1 Login Or Logout Menu Item | 2024-08-05 | N/A |
| The login-or-logout-menu-item plugin before 1.2.0 for WordPress has no requirement for lolmi_save_settings authentication. | ||||
| CVE-2019-15773 | 1 Travel Management Project | 1 Travel Management | 2024-08-05 | N/A |
| The nd-travel plugin before 1.7 for WordPress has a nopriv_ AJAX action that allows modification of the siteurl setting. | ||||
| CVE-2019-15816 | 1 Wpexpertdeveloper | 1 Wp Private Content Plus | 2024-08-05 | N/A |
| The wp-private-content-plus plugin before 2.0 for WordPress has no protection against option changes via save_settings_page and other save_ functions. | ||||
| CVE-2019-15772 | 1 Donations Project | 1 Donations | 2024-08-05 | N/A |
| The nd-donations plugin before 1.4 for WordPress has a nopriv_ AJAX action that allows modification of the siteurl setting. | ||||
| CVE-2019-15771 | 1 Components For Wp Bakery Page Builder Project | 1 Components For Wp Bakery Page Builder | 2024-08-05 | N/A |
| The nd-shortcodes plugin before 6.0 for WordPress has a nopriv_ AJAX action that allows modification of the siteurl setting. | ||||
| CVE-2019-15688 | 1 Kaspersky | 5 Anti-virus, Internet Security, Security Cloud and 2 more | 2024-08-05 | 6.1 Medium |
| Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Free Anti-Virus, Kaspersky Small Office Security, Kaspersky Security Cloud up to 2020, the web protection component did not adequately inform the user about the threat of redirecting to an untrusted site. Bypass. | ||||