Total
1118 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-13486 | 1 Verbb | 1 Knock Knock | 2024-11-21 | 6.1 Medium |
| The Knock Knock plugin before 1.2.8 for Craft CMS allows malicious redirection. | ||||
| CVE-2020-13121 | 1 Rcos | 1 Submitty | 2024-11-21 | 6.1 Medium |
| Submitty through 20.04.01 has an open redirect via authentication/login?old= during an invalid login attempt. | ||||
| CVE-2020-12699 | 1 Dkd | 1 Direct Mail | 2024-11-21 | 6.1 Medium |
| The direct_mail extension through 5.2.3 for TYPO3 has an Open Redirect via jumpUrl. | ||||
| CVE-2020-12666 | 3 Fedoraproject, Go-macaron, Redhat | 3 Fedora, Macaron, Service Mesh | 2024-11-21 | 6.1 Medium |
| macaron before 1.3.7 has an open redirect in the static handler, as demonstrated by the http://127.0.0.1:4000//example.com/ URL. | ||||
| CVE-2020-12483 | 1 Vivo | 1 Appstore | 2024-11-21 | 8.2 High |
| The appstore before 8.12.0.0 exposes some of its components, and the attacker can cause remote download and install apps through carefully constructed parameters. | ||||
| CVE-2020-12412 | 1 Mozilla | 1 Firefox | 2024-11-21 | 4.3 Medium |
| By navigating a tab using the history API, an attacker could cause the address bar to display the incorrect domain (with the https:// scheme, a blocked port number such as '1', and without a lock icon) while controlling the page contents. This vulnerability affects Firefox < 70. | ||||
| CVE-2020-12283 | 1 Sourcegraph | 1 Sourcegraph | 2024-11-21 | 6.1 Medium |
| Sourcegraph before 3.15.1 has a vulnerable authentication workflow because of improper validation in the SafeRedirectURL method in cmd/frontend/auth/redirect.go, such as for the //foo//example.com substring. | ||||
| CVE-2020-11882 | 1 Telefonica | 1 O2 Business | 2024-11-21 | 6.1 Medium |
| The O2 Business application 1.2.0 for Android exposes the canvasm.myo2.SplashActivity activity to other applications. The purpose of this activity is to handle deeplinks that can be delivered either via links or by directly calling the activity. However, the deeplink format is not properly validated. This can be abused by an attacker to redirect a user to any page and deliver any content to the user. | ||||
| CVE-2020-11665 | 1 Broadcom | 1 Ca Api Developer Portal | 2024-11-21 | 6.1 Medium |
| CA API Developer Portal 4.3.1 and earlier handles loginRedirect page redirects in an insecure manner, which allows attackers to perform open redirect attacks. | ||||
| CVE-2020-11664 | 1 Broadcom | 1 Ca Api Developer Portal | 2024-11-21 | 6.1 Medium |
| CA API Developer Portal 4.3.1 and earlier handles homeRedirect page redirects in an insecure manner, which allows attackers to perform open redirect attacks. | ||||
| CVE-2020-11663 | 1 Broadcom | 1 Ca Api Developer Portal | 2024-11-21 | 6.1 Medium |
| CA API Developer Portal 4.3.1 and earlier handles 404 requests in an insecure manner, which allows attackers to perform open redirect attacks. | ||||
| CVE-2020-11611 | 1 Cross Domain Local Storage Project | 1 Cross Domain Local Storage | 2024-11-21 | 6.1 Medium |
| An issue was discovered in xdLocalStorage through 2.0.5. The buildMessage() function in xdLocalStorage.js specifies the wildcard (*) as the targetOrigin when calling the postMessage() function on the iframe object. Therefore any domain that is currently loaded within the iframe can receive the messages that the client sends. | ||||
| CVE-2020-11529 | 1 Getgrav | 1 Grav | 2024-11-21 | 6.1 Medium |
| Common/Grav.php in Grav before 1.7 has an Open Redirect. This is partially fixed in 1.6.23 and still present in 1.6.x. | ||||
| CVE-2020-11515 | 1 Rankmath | 1 Seo | 2024-11-21 | 6.1 Medium |
| The Rank Math plugin through 1.0.40.2 for WordPress allows unauthenticated remote attackers to create new URIs (that redirect to an external web site) via the unsecured rankmath/v1/updateRedirection REST API endpoint. In other words, this is not an "Open Redirect" issue; instead, it allows the attacker to create a new URI with an arbitrary name (e.g., the /exampleredirect URI). | ||||
| CVE-2020-11053 | 1 Oauth2 Proxy Project | 1 Oauth2 Proxy | 2024-11-21 | 7.1 High |
| In OAuth2 Proxy before 5.1.1, there is an open redirect vulnerability. Users can provide a redirect address for the proxy to send the authenticated user to at the end of the authentication flow. This is expected to be the original URL that the user was trying to access. This redirect URL is checked within the proxy and validated before redirecting the user to prevent malicious actors providing redirects to potentially harmful sites. However, by crafting a redirect URL with HTML encoded whitespace characters the validation could be bypassed and allow a redirect to any URL provided. This has been patched in 5.1.1. | ||||
| CVE-2020-11034 | 1 Glpi-project | 1 Glpi | 2024-11-21 | 6.1 Medium |
| In GLPI before version 9.4.6, there is a vulnerability that allows bypassing the open redirect protection based which is based on a regexp. This is fixed in version 9.4.6. | ||||
| CVE-2020-10959 | 1 Mediawiki | 1 Mediawiki | 2024-11-21 | 6.1 Medium |
| resources/src/mediawiki.page.ready/ready.js in MediaWiki before 1.35 allows remote attackers to force a logout and external redirection via HTML content in a MediaWiki page. | ||||
| CVE-2020-10775 | 2 Oracle, Redhat | 3 Virtualization, Ovirt-engine, Rhev Manager | 2024-11-21 | 5.3 Medium |
| An Open redirect vulnerability was found in ovirt-engine versions 4.4 and earlier, where it allows remote attackers to redirect users to arbitrary web sites and attempt phishing attacks. Once the target has opened the malicious URL in their browser, the critical part of the URL is no longer visible. The highest threat from this vulnerability is on confidentiality. | ||||
| CVE-2019-9915 | 1 Get-simple. | 1 Getsimplecms | 2024-11-21 | N/A |
| GetSimpleCMS 3.3.13 has an Open Redirect via the admin/index.php redirect parameter. | ||||
| CVE-2019-9837 | 1 Openid | 1 Openid Connect | 2024-11-21 | N/A |
| Doorkeeper::OpenidConnect (aka the OpenID Connect extension for Doorkeeper) 1.4.x and 1.5.x before 1.5.4 has an open redirect via the redirect_uri field in an OAuth authorization request (that results in an error response) with the 'openid' scope and a prompt=none value. This allows phishing attacks against the authorization flow. | ||||