Total
1048 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-49438 | 1 Flask-security-too Project | 1 Flask-security-too | 2024-08-02 | 6.1 Medium |
| An open redirect vulnerability in the python package Flask-Security-Too <=5.3.2 allows attackers to redirect unsuspecting users to malicious sites via a crafted URL by abusing the ?next parameter on the /login and /register routes. | ||||
| CVE-2023-49240 | 1 Huawei | 2 Emui, Harmonyos | 2024-08-02 | 7.5 High |
| Unauthorized access vulnerability in the launcher module. Successful exploitation of this vulnerability may affect service confidentiality. | ||||
| CVE-2023-49061 | 1 Mozilla | 1 Firefox | 2024-08-02 | 6.1 Medium |
| An attacker could have performed HTML template injection via Reader Mode and exfiltrated user information. This vulnerability affects Firefox for iOS < 120. | ||||
| CVE-2023-48928 | 1 Franklin-electric | 1 System Sentinel Anyware | 2024-08-02 | 6.1 Medium |
| Franklin Fueling Systems System Sentinel AnyWare (SSA) version 1.6.24.492 is vulnerable to Open Redirect. The 'path' parameter of the prefs.asp resource allows an attacker to redirect a victim user to an arbitrary web site using a crafted URL. | ||||
| CVE-2023-48815 | 1 Keking | 1 Kkfileview | 2024-08-02 | 6.1 Medium |
| kkFileView v4.3.0 is vulnerable to Incorrect Access Control. | ||||
| CVE-2024-37830 | 1 Getoutline | 1 Outline | 2024-08-02 | 4.3 Medium |
| An issue in Outline <= v0.76.1 allows attackers to redirect a victim user to a malicious site via intercepting and changing the state cookie. | ||||
| CVE-2023-48325 | 1 Pluginops | 1 Landing Page Builder | 2024-08-02 | 4.7 Medium |
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in PluginOps Landing Page Builder – Lead Page – Optin Page – Squeeze Page – WordPress Landing Pages.This issue affects Landing Page Builder – Lead Page – Optin Page – Squeeze Page – WordPress Landing Pages: from n/a through 1.5.1.5. | ||||
| CVE-2023-48003 | 1 Aspnetzero | 1 Asp.net Zero | 2024-08-02 | 6.1 Medium |
| An open redirect through HTML injection in user messages in Asp.Net Zero before 12.3.0 allows remote attackers to redirect targeted victims to any URL via the '<meta http-equiv="refresh"' in the WebSocket messages. | ||||
| CVE-2023-47779 | 1 Crmperks | 1 Integration For Constant Contact And Contact Form 7\, Wpforms\, Elementor\, Ninja | 2024-08-02 | 4.7 Medium |
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in CRM Perks. Integration for Constant Contact and Contact Form 7, WPForms, Elementor, Ninja Forms.This issue affects Integration for Constant Contact and Contact Form 7, WPForms, Elementor, Ninja Forms: from n/a through 1.1.4. | ||||
| CVE-2023-47548 | 1 Softlabbd | 1 Integrate Google Drive | 2024-08-02 | 4.7 Medium |
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in SoftLab Integrate Google Drive – Browse, Upload, Download, Embed, Play, Share, Gallery, and Manage Your Google Drive Files Into Your WordPress Site.This issue affects Integrate Google Drive – Browse, Upload, Download, Embed, Play, Share, Gallery, and Manage Your Google Drive Files Into Your WordPress Site: from n/a through 1.3.2. | ||||
| CVE-2023-47168 | 1 Mattermost | 1 Mattermost | 2024-08-02 | 4.3 Medium |
| Mattermost fails to properly check a redirect URL parameter allowing for an open redirect was possible when the user clicked "Back to Mattermost" after providing a invalid custom url scheme in /oauth/{service}/mobile_login?redirect_to= | ||||
| CVE-2023-46624 | 1 Parcelpro | 1 Parcel Pro | 2024-08-02 | 4.7 Medium |
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Parcel Pro.This issue affects Parcel Pro: from n/a through 1.6.11. | ||||
| CVE-2023-46688 | 1 Pleasanter | 1 Pleasanter | 2024-08-02 | 6.1 Medium |
| Open redirect vulnerability in Pleasanter 1.3.47.0 and earlier allows a remote unauthenticated attacker to redirect users to arbitrary web sites via a specially crafted URL. | ||||
| CVE-2023-45762 | 1 Michaeluno | 1 Responsive Column Widgets | 2024-08-02 | 4.7 Medium |
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Michael Uno (miunosoft) Responsive Column Widgets.This issue affects Responsive Column Widgets: from n/a through 1.2.7. | ||||
| CVE-2023-45105 | 1 Servit | 1 Affiliate-toolkit | 2024-08-02 | 4.7 Medium |
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in SERVIT Software Solutions affiliate-toolkit – WordPress Affiliate Plugin.This issue affects affiliate-toolkit – WordPress Affiliate Plugin: from n/a through 3.3.9. | ||||
| CVE-2023-42502 | 1 Apache | 1 Superset | 2024-08-02 | 4.8 Medium |
| An authenticated attacker with update datasets permission could change a dataset link to an untrusted site by spoofing the HTTP Host header, users could be redirected to this site when clicking on that specific dataset. This issue affects Apache Superset versions before 3.0.0. | ||||
| CVE-2023-40602 | 1 Doofinder | 1 Doofinder | 2024-08-02 | 4.7 Medium |
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Doofinder Doofinder WP & WooCommerce Search.This issue affects Doofinder WP & WooCommerce Search: from n/a through 1.5.49. | ||||
| CVE-2023-39364 | 2 Cacti, Fedoraproject | 2 Cacti, Fedora | 2024-08-02 | 3.5 Low |
| Cacti is an open source operational monitoring and fault management framework. In Cacti 1.2.24, users with console access can be redirected to an arbitrary website after a change password performed via a specifically crafted URL. The `auth_changepassword.php` file accepts `ref` as a URL parameter and reflects it in the form used to perform the change password. It's value is used to perform a redirect via `header` PHP function. A user can be tricked in performing the change password operation, e.g., via a phishing message, and then interacting with the malicious website where the redirection has been performed, e.g., downloading malwares, providing credentials, etc. This issue has been addressed in version 1.2.25. Users are advised to upgrade. There are no known workarounds for this vulnerability. | ||||
| CVE-2023-38481 | 1 Crmperks | 1 Integration For Woocommerce And Zoho Crm\, Books\, Invoice\, Inventory\, Bigin | 2024-08-02 | 4.7 Medium |
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in CRM Perks Integration for WooCommerce and Zoho CRM, Books, Invoice, Inventory, Bigin.This issue affects Integration for WooCommerce and Zoho CRM, Books, Invoice, Inventory, Bigin: from n/a before 1.3.7. | ||||
| CVE-2023-38478 | 1 Crmperks | 1 Integration For Woocommerce And Quickbooks | 2024-08-02 | 4.7 Medium |
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in CRM Perks Integration for WooCommerce and QuickBooks.This issue affects Integration for WooCommerce and QuickBooks: from n/a through 1.2.3. | ||||