Total: 1118 CVE

CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2018-1736 | 1 Ibm | 1 Websphere Portal | 2024-11-21 | N/A |
IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 147906. | ||||
CVE-2018-1704 | 1 Ibm | 2 Platform Symphony, Spectrum Symphony | 2024-11-21 | N/A |
IBM Platform Symphony 7.1 Fix Pack 1 and 7.1.1 and IBM Spectrum Symphony 7.1.2 and 7.2.0.2 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 146339. | ||||
CVE-2018-1654 | 1 Ibm | 1 Curam Social Program Management | 2024-11-21 | N/A |
IBM Curam Social Program Management 6.0.5, 6.1.1, 6.2.0, 7.0.1, and 7.0.3 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 144747. | ||||
CVE-2018-1355 | 1 Fortinet | 2 Fortianalyzer, Fortimanager | 2024-11-21 | N/A |
An open redirect vulnerability in Fortinet FortiManager 6.0.0, 5.6.5 and below versions, FortiAnalyzer 6.0.0, 5.6.5 and below versions allows an attacker to inject script code while converting an HTML table to a PDF document under the FortiView feature. An attacker may be able to social engineer an authenticated user into generating a PDF file containing injected malicious URLs. | ||||
CVE-2018-1251 | 1 Dell | 3 Emc Unity, Emc Unity Firmware, Emc Unityvsa | 2024-11-21 | N/A |
Dell EMC Unity and UnityVSA versions prior to 4.3.1.1525703027 contain a URL Redirection vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to redirect Unity users to arbitrary web URLs by tricking the victim user into clicking on a maliciously crafted Unisphere URL. An attacker could potentially phish information, including Unisphere users' credentials, from the victim once they are redirected. | ||||
CVE-2018-1248 | 1 Rsa | 1 Authentication Manager | 2024-11-21 | N/A |
RSA Authentication Manager Security Console, Operation Console and Self-Service Console, version 8.3 and earlier, is affected by a Host header injection vulnerability. This could allow a remote attacker to potentially poison HTTP cache and subsequently redirect users to arbitrary web domains. | ||||
CVE-2018-1220 | 1 Emc | 1 Rsa Archer | 2024-11-21 | N/A |
EMC RSA Archer, versions prior to 6.2.0.8, contains a redirect vulnerability in the QuickLinks feature. A remote attacker may potentially exploit this vulnerability to redirect genuine users to phishing websites with the intent of obtaining sensitive information from the users. | ||||
CVE-2018-19796 | 1 Ninjaforms | 1 Ninja Forms | 2024-11-21 | N/A |
An open redirect in the Ninja Forms plugin before 3.3.19.1 for WordPress allows remote attackers to redirect a user via the lib/StepProcessing/step-processing.php (aka submissions download page) redirect parameter. | ||||
CVE-2018-19790 | 3 Debian, Fedoraproject, Sensiolabs | 3 Debian Linux, Fedora, Symfony | 2024-11-21 | N/A |
An open redirect was discovered in Symfony 2.7.x before 2.7.50, 2.8.x before 2.8.49, 3.x before 3.4.20, 4.0.x before 4.0.15, 4.1.x before 4.1.9 and 4.2.x before 4.2.1. By using backslashes in the `_failure_path` input field of login forms, an attacker can work around the redirection target restrictions and effectively redirect the user to any domain after login. | ||||
CVE-2018-19106 | 1 Avinetworks | 1 Avi Vantage | 2024-11-21 | N/A |
Avi Vantage before 17.2.13 uses an invalid URL encoding during a redirect operation, aka AV-33959. | ||||
CVE-2018-18288 | 1 Crushftp | 1 Crushftp | 2024-11-21 | 6.1 Medium |
CrushFTP through 8.3.0 is vulnerable to credentials theft via URL redirection. | ||||
CVE-2018-17948 | 1 Microfocus | 1 Access Manager | 2024-11-21 | N/A |
An open redirect vulnerability exists in the Access Manager Identity Provider prior to 4.4 SP3. | ||||
CVE-2018-17870 | 1 Btiteam | 1 Xbtit | 2024-11-21 | N/A |
An issue was discovered in BTITeam XBTIT 2.5.4. The "returnto" parameter of account_change.php is vulnerable to an open redirect, a different vulnerability than CVE-2018-15683. | ||||
CVE-2018-17422 | 1 Dotcms | 1 Dotcms | 2024-11-21 | N/A |
dotCMS before 5.0.2 has open redirects via the html/common/forward_js.jsp FORWARD_URL parameter or the html/portlet/ext/common/page_preview_popup.jsp hostname parameter. | ||||
CVE-2018-17074 | 1 Feed Statistics Project | 1 Feed Statistics | 2024-11-21 | N/A |
The Feed Statistics plugin before 4.0 for WordPress has an Open Redirect via the feed-stats-url parameter. | ||||
CVE-2018-16954 | 1 Oracle | 1 Webcenter Interaction | 2024-11-21 | N/A |
An issue was discovered in Oracle WebCenter Interaction Portal 10.3.3. The login function of the portal is vulnerable to insecure redirection (also called an open redirect). The in_hi_redirect parameter is not validated by the application after a successful login. NOTE: this CVE is assigned by MITRE and isn't validated by Oracle because Oracle WebCenter Interaction Portal is out of support. | ||||
CVE-2018-16761 | 1 Eventum Project | 1 Eventum | 2024-11-21 | N/A |
Eventum before 3.4.0 has an open redirect vulnerability. | ||||
CVE-2018-16191 | 1 Ec-cube | 1 Ec-cube | 2024-11-21 | N/A |
Open redirect vulnerability in EC-CUBE (EC-CUBE 3.0.0, EC-CUBE 3.0.1, EC-CUBE 3.0.2, EC-CUBE 3.0.3, EC-CUBE 3.0.4, EC-CUBE 3.0.5, EC-CUBE 3.0.6, EC-CUBE 3.0.7, EC-CUBE 3.0.8, EC-CUBE 3.0.9, EC-CUBE 3.0.10, EC-CUBE 3.0.11, EC-CUBE 3.0.12, EC-CUBE 3.0.12-p1, EC-CUBE 3.0.13, EC-CUBE 3.0.14, EC-CUBE 3.0.15, EC-CUBE 3.0.16) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | ||||
CVE-2018-16174 | 1 Thimpress | 1 Learnpress | 2024-11-21 | N/A |
Open redirect vulnerability in LearnPress prior to version 3.1.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | ||||
CVE-2018-15798 | 1 Pivotal Software | 1 Concourse | 2024-11-21 | N/A |
In Pivotal Concourse Release, versions 4.x prior to 4.2.2, the login flow allows redirects to untrusted websites. A remote unauthenticated attacker could convince a user to click on a link using the OAuth redirect link with an untrusted website and gain access to that user's access token in Concourse. |