Total: 1047 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-20264 | 1 Cisco | 2 Adaptive Security Appliance Software, Firepower Threat Defense | 2024-08-02 | 6.1 Medium |
A vulnerability in the implementation of Security Assertion Markup Language (SAML) 2.0 single sign-on (SSO) for remote access VPN in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to intercept the SAML assertion of a user who is authenticating to a remote access VPN session. This vulnerability is due to insufficient validation of the login URL. An attacker could exploit this vulnerability by persuading a user to access a site that is under the control of the attacker, allowing the attacker to modify the login URL. A successful exploit could allow the attacker to intercept a successful SAML assertion and use that assertion to establish a remote access VPN session toward the affected device with the identity and permissions of the hijacked user, resulting in access to the protected network. | ||||
CVE-2023-6552 | 1 Tasmoadmin | 1 Tasmoadmin | 2024-08-02 | 6.1 Medium |
Lack of "current" GET parameter validation during the action of changing a language leads to an open redirect vulnerability. | ||||
CVE-2023-6389 | 1 Abhinavsingh | 1 Wordpress Toolbar | 2024-08-02 | 6.1 Medium |
The WordPress Toolbar WordPress plugin through 2.2.6 redirects to any URL via the "wptbto" parameter. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action. | ||||
CVE-2023-5986 | 1 Schneider-electric | 1 Ecostruxure Power Monitoring Expert | 2024-08-02 | 8.2 High |
A CWE-601 URL Redirection to Untrusted Site vulnerability exists that could cause an open redirect vulnerability leading to a cross-site scripting attack. By providing a URL-encoded input, attackers can cause the software’s web application to redirect to the chosen domain after a successful login is performed. | ||||
CVE-2023-5629 | 1 Schneider-electric | 32 Eb450, Eb450 Firmware, Eb45e and 29 more | 2024-08-02 | 8.2 High |
A CWE-601: URL Redirection to Untrusted Site (‘Open Redirect’) vulnerability exists that could cause disclosure of information through phishing attempts over HTTP. | ||||
CVE-2023-5610 | 1 S-sols | 1 Seraphinite Accelerator | 2024-08-02 | 5.4 Medium |
The Seraphinite Accelerator WordPress plugin before 2.2.29 does not validate the URL to redirect any authenticated user to, leading to an arbitrary redirect. | ||||
CVE-2023-5445 | 1 Mcafee | 1 Epolicy Orchestrator | 2024-08-02 | 5.4 Medium |
An open redirect vulnerability in ePolicy Orchestrator prior to 5.10.0 CP1 Update 2 allows a remote low-privileged user to modify the URL parameter for the purpose of redirecting URL request(s) to a malicious site. This impacts the dashboard area of the user interface. A user would need to be logged into ePO to trigger this vulnerability. To exploit this, the attacker must change the HTTP payload post submission, prior to it reaching the ePO server. | ||||
CVE-2023-5190 | | | 2024-08-02 | 6.1 Medium |
Open redirect vulnerability in the Countries Management’s edit region page in Liferay Portal 7.4.3.45 through 7.4.3.101, and Liferay DXP 2023.Q3 before patch 6, and 7.4 update 45 through 92 allows remote attackers to redirect users to arbitrary external URLs via the _com_liferay_address_web_internal_portlet_CountriesManagementAdminPortlet_redirect parameter. | ||||
CVE-2023-4965 | 1 Phpipam | 1 Phpipam | 2024-08-02 | 2.7 Low |
A vulnerability was found in phpipam 1.5.1. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Header Handler. The manipulation of the argument X-Forwarded-Host leads to open redirect. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-239732. | ||||
CVE-2023-3771 | 1 T1 Project | 1 T1 | 2024-08-02 | 6.1 Medium |
The T1 WordPress theme through 19.0 is vulnerable to unauthenticated open redirect with which any attacker can redirect users to arbitrary websites. | ||||
CVE-2023-3684 | 1 Livelyworks | 1 Articart | 2024-08-02 | 3.5 Low |
A vulnerability was found in LivelyWorks Articart 2.0.1 and classified as problematic. Affected by this issue is some unknown functionality of the file /change-language/de_DE of the component Base64 Encoding Handler. The manipulation of the argument redirectTo leads to open redirect. The attack may be launched remotely. VDB-234230 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
CVE-2023-3515 | 1 Gitea | 1 Gitea | 2024-08-02 | 4.4 Medium |
Open Redirect in GitHub repository go-gitea/gitea prior to 1.19.4. | ||||
CVE-2023-3139 | 1 Wp-experts | 1 Protect Wp Admin | 2024-08-02 | 6.1 Medium |
The Protect WP Admin WordPress plugin before 4.0 discloses the URL of the admin panel via a redirection of a crafted URL, bypassing the protection offered. | ||||
CVE-2023-2000 | 1 Mattermost | 1 Mattermost Desktop | 2024-08-02 | 5.4 Medium |
Mattermost Desktop App fails to validate a Mattermost server redirection and navigates to an arbitrary website. | ||||
CVE-2023-0748 | 1 Btcpayserver | 1 Btcpayserver | 2024-08-02 | 6.4 Medium |
Open Redirect in GitHub repository btcpayserver/btcpayserver prior to 1.7.6. | ||||
CVE-2023-0681 | 1 Rapid7 | 1 Insightvm | 2024-08-02 | 4.3 Medium |
Rapid7 InsightVM versions 6.6.178 and lower suffer from an open redirect vulnerability, whereby an attacker has the ability to redirect the user to a site of the attacker’s choice using the ‘page’ parameter of the ‘data/console/redirect’ component of the application. This issue was resolved in the February 2023 release of version 6.6.179. | ||||
CVE-2023-0155 | 1 Gitlab | 1 Gitlab | 2024-08-02 | 5.4 Medium |
An issue has been discovered in GitLab CE/EE affecting all versions before 15.8.5, 15.9.4, 15.10.1. Open redirects were possible due to framing arbitrary content on any page allowing user-controlled markdown. | ||||
CVE-2023-0042 | 1 Gitlab | 1 Gitlab | 2024-08-02 | 6.1 Medium |
An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.4 prior to 15.5.7, 15.6 prior to 15.6.4, and 15.7 prior to 15.7.2. GitLab Pages allows redirection to arbitrary protocols. | ||||
CVE-2024-21723 | | | 2024-08-02 | N/A |
Inadequate parsing of URLs could result in an open redirect. | ||||
CVE-2024-37881 | 1 Eg Secure Solutions | 1 Siteguard | 2024-08-02 | 5.3 Medium |
SiteGuard WP Plugin provides a functionality to customize the path to the login page wp-login.php and implements a measure to avoid redirection from other URLs. However, SiteGuard WP Plugin versions prior to 1.7.7 failed to implement a measure to avoid redirection from wp-register.php. As a result, the customized path to the login page may be exposed. |