Total
1176 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-24551 | 1 Iproom | 1 Mmc\+ | 2024-11-21 | 6.1 Medium |
| IProom MMC+ Server login page does not validate specific parameters properly. Attackers can use the vulnerability to redirect to any malicious site and steal the victim's login credentials. | ||||
| CVE-2020-24550 | 1 Episerver | 1 Find | 2024-11-21 | 6.1 Medium |
| An Open Redirect vulnerability in EpiServer Find before 13.2.7 allows an attacker to redirect users to untrusted websites via the _t_redirect parameter in a crafted URL, such as a /find_v2/_click URL. | ||||
| CVE-2020-23182 | 1 Php-fusion | 1 Php-fusion | 2024-11-21 | 5.4 Medium |
| The component /php-fusion/infusions/shoutbox_panel/shoutbox_archive.php in PHP-Fusion 9.03.60 allows attackers to redirect victim users to malicious websites via a crafted payload entered into the Shoutbox message panel. | ||||
| CVE-2020-23015 | 1 Opnsense | 1 Opnsense | 2024-11-21 | 6.1 Medium |
| An open redirect issue was discovered in OPNsense through 20.1.5. The redirect parameter "url" in login page was not filtered and can redirect user to any website. | ||||
| CVE-2020-22840 | 1 B2evolution | 1 B2evolution | 2024-11-21 | 6.1 Medium |
| Open redirect vulnerability in b2evolution CMS version prior to 6.11.6 allows an attacker to perform malicious open redirects to an attacker controlled resource via redirect_to parameter in email_passthrough.php. | ||||
| CVE-2020-21998 | 1 Homeautomation Project | 1 Homeautomation | 2024-11-21 | 6.1 Medium |
| In HomeAutomation 3.3.2 input passed via the 'redirect' GET parameter in 'api.php' script is not properly verified before being used to redirect users. This can be exploited to redirect a user to an arbitrary website e.g. when a user clicks a specially crafted link to the affected script hosted on a trusted domain. | ||||
| CVE-2020-1997 | 1 Paloaltonetworks | 1 Pan-os | 2024-11-21 | 5.3 Medium |
| An open redirection vulnerability in the GlobalProtect component of Palo Alto Networks PAN-OS allows an attacker to specify an arbitrary redirection target away from the trusted GlobalProtect gateway. If the user then successfully authenticates it will cause them to access an unexpected and potentially malicious website. This issue affects: PAN-OS 7.1 versions earlier than 7.1.26; PAN-OS 8.0 versions earlier than 8.0.14. | ||||
| CVE-2020-1927 | 9 Apache, Broadcom, Canonical and 6 more | 17 Http Server, Brocade Fabric Operating System, Ubuntu Linux and 14 more | 2024-11-21 | 6.1 Medium |
| In Apache HTTP Server 2.4.0 to 2.4.41, redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an an unexpected URL within the request URL. | ||||
| CVE-2020-1723 | 2 Keycloak Gatekeeper Project, Redhat | 2 Keycloak Gatekeeper, Mobile Application Platform | 2024-11-21 | 6.1 Medium |
| A flaw was found in Keycloak Gatekeeper (Louketo). The logout endpoint can be abused to redirect logged-in users to arbitrary web pages. Affected versions of Keycloak Gatekeeper (Louketo): 6.0.1, 7.0.0 | ||||
| CVE-2020-1323 | 1 Microsoft | 2 Sharepoint Enterprise Server, Sharepoint Server | 2024-11-21 | 6.1 Medium |
| An open redirect vulnerability exists in Microsoft SharePoint that could lead to spoofing.To exploit the vulnerability, an attacker could send a link that has a specially crafted URL and convince the user to click the link, aka 'SharePoint Open Redirect Vulnerability'. | ||||
| CVE-2020-1220 | 1 Microsoft | 9 Edge, Windows 10, Windows 7 and 6 more | 2024-11-21 | 6.1 Medium |
| A spoofing vulnerability exists when theMicrosoft Edge (Chromium-based) in IE Mode improperly handles specific redirects, aka 'Microsoft Edge (Chromium-based) in IE Mode Spoofing Vulnerability'. | ||||
| CVE-2020-1059 | 1 Microsoft | 3 Edge, Windows 10, Windows Server 2019 | 2024-11-21 | 4.3 Medium |
| A spoofing vulnerability exists when Microsoft Edge does not properly parse HTTP content, aka 'Microsoft Edge Spoofing Vulnerability'. | ||||
| CVE-2020-18985 | 1 Synacor | 1 Zimbra Collaboration Suite | 2024-11-21 | 6.1 Medium |
| An issue in /domain/service/.ewell-known/caldav of Zimbra Collaboration 8.8.12 allows attackers to redirect users to any arbitrary website of their choosing. | ||||
| CVE-2020-18660 | 1 Get-simple | 1 Getsimplecms | 2024-11-21 | 6.1 Medium |
| GetSimpleCMS <=3.3.15 has an open redirect in admin/changedata.php via the redirect function to the url parameter. | ||||
| CVE-2020-18268 | 1 Zblogcn | 1 Z-blogphp | 2024-11-21 | 6.1 Medium |
| Open Redirect in Z-BlogPHP v1.5.2 and earlier allows remote attackers to obtain sensitive information via the "redirect" parameter in the component "zb_system/cmd.php." | ||||
| CVE-2020-17484 | 1 Uffizio | 1 Gps Tracker | 2024-11-21 | 6.1 Medium |
| An Open Redirection vulnerability exists in Uffizio's GPS Tracker all versions allows an attacker to construct a URL within the application that causes a redirection to an arbitrary external domain. | ||||
| CVE-2020-15677 | 4 Debian, Mozilla, Opensuse and 1 more | 8 Debian Linux, Firefox, Firefox Esr and 5 more | 2024-11-21 | 6.1 Medium |
| By exploiting an Open Redirect vulnerability on a website, an attacker could have spoofed the site displayed in the download file dialog to show the original site (the one suffering from the open redirect) rather than the site the file was actually downloaded from. This vulnerability affects Firefox < 81, Thunderbird < 78.3, and Firefox ESR < 78.3. | ||||
| CVE-2020-15300 | 1 Salesagility | 1 Suitecrm | 2024-11-21 | 6.1 Medium |
| SuiteCRM through 7.11.13 has an Open Redirect in the Documents module via a crafted SVG document. | ||||
| CVE-2020-15242 | 1 Vercel | 1 Next.js | 2024-11-21 | 4.7 Medium |
| Next.js versions >=9.5.0 and <9.5.4 are vulnerable to an Open Redirect. Specially encoded paths could be used with the trailing slash redirect to allow an open redirect to occur to an external site. In general, this redirect does not directly harm users although can allow for phishing attacks by redirecting to an attackers domain from a trusted domain. The issue is fixed in version 9.5.4. | ||||
| CVE-2020-15241 | 1 Typo3 | 2 Fluid Engine, Typo3 | 2024-11-21 | 4.7 Medium |
| TYPO3 Fluid Engine (package `typo3fluid/fluid`) before versions 2.0.5, 2.1.4, 2.2.1, 2.3.5, 2.4.1, 2.5.5 or 2.6.1 is vulnerable to cross-site scripting when making use of the ternary conditional operator in templates like `{showFullName ? fullName : defaultValue}`. Updated versions of this package are bundled in following TYPO3 (`typo3/cms-core`) versions as well: TYPO3 v8.7.25 (using `typo3fluid/fluid` v2.5.4) and TYPO3 v9.5.6 (using `typo3fluid/fluid` v2.6.1). | ||||