Total
1118 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-15776 | 1 Webcraftic | 1 Simple 301 Redirects-addon-bulk Uploader | 2024-11-21 | N/A |
| The simple-301-redirects-addon-bulk-uploader plugin before 1.2.5 for WordPress has no protection against 301 redirect rule injection via a CSV file. | ||||
| CVE-2019-15775 | 1 Learning Courses Project | 1 Learning Courses | 2024-11-21 | N/A |
| The nd-learning plugin before 4.8 for WordPress has a nopriv_ AJAX action that allows modification of the siteurl setting. | ||||
| CVE-2019-15774 | 1 Booking Project | 1 Booking | 2024-11-21 | N/A |
| The nd-booking plugin before 2.5 for WordPress has a nopriv_ AJAX action that allows modification of the siteurl setting. | ||||
| CVE-2019-15773 | 1 Travel Management Project | 1 Travel Management | 2024-11-21 | N/A |
| The nd-travel plugin before 1.7 for WordPress has a nopriv_ AJAX action that allows modification of the siteurl setting. | ||||
| CVE-2019-15772 | 1 Donations Project | 1 Donations | 2024-11-21 | N/A |
| The nd-donations plugin before 1.4 for WordPress has a nopriv_ AJAX action that allows modification of the siteurl setting. | ||||
| CVE-2019-15771 | 1 Components For Wp Bakery Page Builder Project | 1 Components For Wp Bakery Page Builder | 2024-11-21 | N/A |
| The nd-shortcodes plugin before 6.0 for WordPress has a nopriv_ AJAX action that allows modification of the siteurl setting. | ||||
| CVE-2019-15688 | 1 Kaspersky | 5 Anti-virus, Internet Security, Security Cloud and 2 more | 2024-11-21 | 6.1 Medium |
| Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Free Anti-Virus, Kaspersky Small Office Security, Kaspersky Security Cloud up to 2020, the web protection component did not adequately inform the user about the threat of redirecting to an untrusted site. Bypass. | ||||
| CVE-2019-15073 | 1 Openfind | 1 Mail2000 | 2024-11-21 | 6.1 Medium |
| An Open Redirect vulnerability for all browsers in MAIL2000 through version 6.0 and 7.0, which will redirect to a malicious site without authentication. This vulnerability affects many mail system of governments, organizations, companies and universities. | ||||
| CVE-2019-15041 | 1 Jetbrains | 1 Youtrack | 2024-11-21 | 6.1 Medium |
| JetBrains YouTrack versions before 2019.1.52545 allowed unbounded URL whitelisting because of Inclusion of Functionality from an Untrusted Control Sphere. | ||||
| CVE-2019-14912 | 1 Prise | 1 Adas | 2024-11-21 | 6.1 Medium |
| An issue was discovered in PRiSE adAS 1.7.0. The OPENSSO module does not properly check the goto parameter, leading to an open redirect that leaks the session cookie. | ||||
| CVE-2019-14882 | 1 Moodle | 1 Moodle | 2024-11-21 | 6.1 Medium |
| A vulnerability was found in Moodle 3.7 to 3.7.3, 3.6 to 3.6.7, 3.5 to 3.5.9 and earlier where an open redirect existed in the Lesson edit page. | ||||
| CVE-2019-14857 | 2 Openidc, Redhat | 2 Mod Auth Openidc, Enterprise Linux | 2024-11-21 | 6.1 Medium |
| A flaw was found in mod_auth_openidc before version 2.4.0.1. An open redirect issue exists in URLs with trailing slashes similar to CVE-2019-3877 in mod_auth_mellon. | ||||
| CVE-2019-14831 | 1 Moodle | 1 Moodle | 2024-11-21 | 6.1 Medium |
| A vulnerability was found in Moodle 3.7 to 3.7.1, 3.6 to 3.6.5, 3.5 to 3.5.7 and earlier unsupported versions, where forum subscribe link contained an open redirect if forced subscription mode was enabled. If a forum's subscription mode was set to "forced subscription", the forum's subscribe link contained an open redirect. | ||||
| CVE-2019-14830 | 1 Moodle | 1 Moodle | 2024-11-21 | 6.1 Medium |
| A vulnerability was found in Moodle 3.7 to 3.7.1, 3.6 to 3.6.5, 3.5 to 3.5.7 and earlier unsupported versions, where the mobile launch endpoint contained an open redirect in some circumstances, which could result in a user's mobile access token being exposed. (Note: This does not affect sites with a forced URL scheme configured, mobile service disabled, or where the mobile app login method is "via the app"). | ||||
| CVE-2019-14403 | 1 Cpanel | 1 Cpanel | 2024-11-21 | N/A |
| cPanel before 78.0.18 offers an open mail relay because of incorrect domain-redirect routing (SEC-483). | ||||
| CVE-2019-14223 | 1 Alfresco | 1 Alfresco | 2024-11-21 | 6.1 Medium |
| An issue was discovered in Alfresco Community Edition versions below 5.2.6, 6.0.N and 6.1.N. The Alfresco Share application is vulnerable to an Open Redirect attack via a crafted POST request. By manipulating the POST parameters, an attacker can redirect a victim to a malicious website over any protocol the attacker desires (e.g.,http, https, ftp, smb, etc.). | ||||
| CVE-2019-13422 | 1 Search-guard | 1 Search Guard | 2024-11-21 | N/A |
| Search Guard Kibana Plugin versions before 5.6.8-7 and before 6.x.y-12 had an issue that an attacker can redirect the user to a potentially malicious site upon Kibana login. | ||||
| CVE-2019-13175 | 1 Readthedocs | 1 Read The Docs | 2024-11-21 | N/A |
| Read the Docs before 3.5.1 has an Open Redirect if certain user-defined redirects are used. This affects private instances of Read the Docs (in addition to the public readthedocs.org web sites). | ||||
| CVE-2019-13038 | 5 Canonical, Fedoraproject, Mod Auth Mellon Project and 2 more | 5 Ubuntu Linux, Fedora, Mod Auth Mellon and 2 more | 2024-11-21 | 6.1 Medium |
| mod_auth_mellon through 0.14.2 has an Open Redirect via the login?ReturnTo= substring, as demonstrated by omitting the // after http: in the target URL. | ||||
| CVE-2019-12783 | 1 Verint | 1 Impact 360 | 2024-11-21 | 6.1 Medium |
| An issue was discovered in Verint Impact 360 15.1. At wfo/control/signin, the rd parameter can accept a URL, to which users will be redirected after a successful login. In conjunction with CVE-2019-12784, this can be used by attackers to "crowdsource" bruteforce login attempts on the target site, allowing them to guess and potentially compromise valid credentials without ever sending any traffic from their own machine to the target site. | ||||