Total
1050 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-9995 | 1 Apple | 1 Macos Server | 2024-08-04 | 6.1 Medium |
| An issue existed in the parsing of URLs. This issue was addressed with improved input validation. This issue is fixed in macOS Server 5.11. Processing a maliciously crafted URL may lead to an open redirect or cross site scripting. | ||||
| CVE-2020-8430 | 1 Stormshield | 1 Stormshield Network Security | 2024-08-04 | 6.1 Medium |
| Stormshield Network Security 310 3.7.10 devices have an auth/lang.html?rurl= Open Redirect vulnerability on the captive portal. For example, the attacker can use rurl=//example.com instead of rurl=https://example.com in the query string. | ||||
| CVE-2020-8143 | 1 Revive-adserver | 1 Revive Adserver | 2024-08-04 | 6.1 Medium |
| An Open Redirect vulnerability was discovered in Revive Adserver version < 5.0.5 and reported by HackerOne user hoangn144. A remote attacker could trick logged-in users to open a specifically crafted link and have them redirected to any destination.The CSRF protection of the “/www/admin/*-modify.php” could be skipped if no meaningful parameter was sent. No action was performed, but the user was still redirected to the target page, specified via the “returnurl” GET parameter. | ||||
| CVE-2020-7936 | 1 Plone | 1 Plone | 2024-08-04 | 6.1 Medium |
| An open redirect on the login form (and possibly other places) in Plone 4.0 through 5.2.1 allows an attacker to craft a link to a Plone Site that, when followed, and possibly after login, will redirect to an attacker's site. | ||||
| CVE-2020-7520 | 1 Schneider-electric | 1 Software Update Utility | 2024-08-04 | 4.7 Medium |
| A CWE-601: URL Redirection to Untrusted Site ('Open Redirect') vulnerability exists in Schneider Electric Software Update (SESU), V2.4.0 and prior, which could cause execution of malicious code on the victim's machine. In order to exploit this vulnerability, an attacker requires privileged access on the engineering workstation to modify a Windows registry key which would divert all traffic updates to go through a server in the attacker's possession. A man-in-the-middle attack is then used to complete the exploit. | ||||
| CVE-2020-6803 | 1 Mozilla | 1 Webthings Gateway | 2024-08-04 | 5.4 Medium |
| An open redirect is present on the gateway's login page, which could cause a user to be redirected to a malicious site after logging in. | ||||
| CVE-2020-6365 | 1 Sap | 1 Netweaver Application Server Java | 2024-08-04 | 6.1 Medium |
| SAP NetWeaver AS Java, versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, Start Page allows an unauthenticated remote attacker to redirect users to a malicious site due to insufficient reverse tabnabbing URL validation. The attacker could execute phishing attacks to steal credentials of the victim or to redirect users to untrusted web pages containing malware or similar malicious exploits. | ||||
| CVE-2020-6266 | 1 Sap | 1 Fiori | 2024-08-04 | 5.4 Medium |
| SAP Fiori for SAP S/4HANA, versions - 100, 200, 300, 400, allows an attacker to redirect users to a malicious site due to insufficient URL validation, leading to URL Redirection. | ||||
| CVE-2020-6223 | 1 Sap | 1 Businessobjects Business Intelligence Platform | 2024-08-04 | 6.1 Medium |
| The open document of SAP Business Objects Business Intelligence Platform, versions 4.1, 4.2, allows an attacker to modify certain error pages to include malicious content. This can misdirect a user who is tricked into accessing these error pages rendered by the application, leading to Content Spoofing. | ||||
| CVE-2020-6215 | 1 Sap | 1 Netweaver As Abap Business Server Pages | 2024-08-04 | 6.1 Medium |
| SAP NetWeaver AS ABAP Business Server Pages Test Application IT00, versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, allows an attacker to redirect users to a malicious site due to insufficient URL validation and steal credentials of the victim, leading to URL Redirection vulnerability. | ||||
| CVE-2020-6211 | 1 Sap | 1 Businessobjects Business Intelligence Platform | 2024-08-04 | 6.1 Medium |
| SAP Business Objects Business Intelligence Platform (AdminTools), versions 4.1, 4.2, allows an attacker to redirect users to a malicious site due to insufficient URL validation and steal credentials of the victim, leading to URL Redirection vulnerability. | ||||
| CVE-2023-23754 | 1 Joomla | 1 Joomla\! | 2024-08-04 | 6.1 Medium |
| An issue was discovered in Joomla! 4.2.0 through 4.3.1. Lack of input validation caused an open redirect and XSS issue within the new mfa selection screen. | ||||
| CVE-2020-5623 | 1 Nitori | 1 Nitori | 2024-08-04 | 6.1 Medium |
| NITORI App for Android versions 6.0.4 and earlier and NITORI App for iOS versions 6.0.2 and earlier allow remote attackers to lead a user to access an arbitrary website via the vulnerable App. As a result, the user may become a victim of a phishing attack. | ||||
| CVE-2020-5733 | 1 Openmrs | 1 Openmrs | 2024-08-04 | 6.1 Medium |
| In OpenMRS 2.9 and prior, the export functionality of the Data Exchange Module does not properly redirect to a login page when an unauthenticated user attempts to access it. This allows the export of potentially sensitive information. | ||||
| CVE-2020-5732 | 1 Openmrs | 1 Openmrs | 2024-08-04 | 6.1 Medium |
| In OpenMRS 2.9 and prior, he import functionality of the Data Exchange Module does not properly redirect to a login page when an unauthenticated user attempts to access it. This allows unauthenticated users to use a feature typically restricted to administrators. | ||||
| CVE-2020-5627 | 1 Yodobashi | 1 Yodobashi | 2024-08-04 | 6.1 Medium |
| Yodobashi App for Android versions 1.8.7 and earlier allows remote attackers to lead a user to access an arbitrary website via the vulnerable App. As a result, the user may become a victim of a phishing attack. | ||||
| CVE-2020-5607 | 1 Ss-proj | 1 Shirasagi | 2024-08-04 | 6.1 Medium |
| Open redirect vulnerability in SHIRASAGI v1.13.1 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | ||||
| CVE-2020-5541 | 1 Cybersolutions | 1 Cybermail | 2024-08-04 | 6.1 Medium |
| Open redirect vulnerability in CyberMail Ver.6.x and Ver.7.x allows remote attackers to redirect users to arbitrary sites and conduct phishing attacks via a specially crafted URL. | ||||
| CVE-2020-5270 | 1 Prestashop | 1 Prestashop | 2024-08-04 | 4.1 Medium |
| In PrestaShop between versions 1.7.6.0 and 1.7.6.5, there is an open redirection when using back parameter. The impacts can be many, and vary from the theft of information and credentials to the redirection to malicious websites containing attacker-controlled content, which in some cases even cause XSS attacks. So even though an open redirection might sound harmless at first, the impacts of it can be severe should it be exploitable. The problem is fixed in 1.7.6.5 | ||||
| CVE-2020-5233 | 1 Oauth2 Proxy Project | 1 Oauth2 Proxy | 2024-08-04 | 5.9 Medium |
| OAuth2 Proxy before 5.0 has an open redirect vulnerability. Authentication tokens could be silently harvested by an attacker. This has been patched in version 5.0. | ||||