17 matches found
WordPress User Registration & Membership plugin <= 5.1.4 - Unauthenticated Open Redirect via 'redirect_to_on_logout' Parameter vulnerability
Unauthenticated Open Redirect via 'redirect_to_on_logout' Parameter vulnerability discovered by Anthony Cihan Hann1bl3L3ct3r - Obviam in WordPress Plugin User Registration versions <= 5.1.4...
PT-2026-32547
The User Registration & Membership plugin for WordPress is vulnerable to Open Redirect in versions up to and including 5.1.4. This is due to insufficient validation of user-supplied URLs passed via the 'redirect_to_on_logout' GET parameter before redirecting users. The redirect_to_on_logout GET...
Cross-site Scripting (XSS)
Overview: github.com/zitadel/zitadel/internal/api/oidc is a package for identity infrastructure. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the postlogoutredirect parameter in the logout process. An attacker can execute arbitrary JavaScript code in the context ...
VulnCheck KEV: CVE-2024-37656
An open redirect vulnerability in gnuboard5 v.5.5.16 allows a remote attacker to obtain sensitive information via the insufficient URL parameter verification in bbs/logout.php...
EUVD-2020-29782
Malware in sbrugna...
gnuboard5 Security Vulnerability
gnuboard5 is an application by kagla, an individual developer. A security vulnerability exists in gnuboard5 version 5.5.16, which stems from insufficient validation of URL parameters in bbs/logout.php and could lead to an open redirection attack...
CMSimple Cross-Site Scripting Vulnerability (CNVD-2026-00535)
CMSimple is a free content management system. A cross-site scripting vulnerability exists in CMSimple that stems from the Logout parameter in the Language section of the Settings menu not properly filtering user input. No details of the vulnerability are available at this time...
CVE-2024-33423
Cross-Site Scripting (XSS) vulnerability in the Settings menu of CMSimple v5.15 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Logout parameter under the Language section...
PT-2024-25246 · Cmsimple · Cmsimple
Name of the Vulnerable Software and Affected Versions: CMSimple version 5.15. Description: A Cross-Site Scripting (XSS) issue in the Settings menu of CMSimple allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Logout parameter under the Language section...
CVE-2024-33423
CMSimple v5.15 is affected by a Cross-Site Scripting (XSS) vulnerability in the Settings menu, specifically via the Logout parameter under Language. The root cause is insufficient input filtering, allowing an attacker to inject arbitrary web scripts/HTML. Consequences could include script executi...
mod_auth_openidc: Open Redirect in oidc_validate_redirect_url() using tab character
An open redirect vulnerability was found in mod_auth_openidc, an OpenID Certified™ authentication and authorization module for the Apache 2.x HTTP server. When providing a logout parameter to the redirect URI, the existing code in oidc_validate_redirect_url() does not properly check for URLs that start...
CVE-2022-23527
An open redirect vulnerability was found in mod_auth_openidc, an OpenID Certified™ authentication and authorization module for the Apache 2.x HTTP server. When providing a logout parameter to the redirect URI, the existing code in oidc_validate_redirect_url() does not properly check for URLs that start...
CVE-2022-32195
Open edX platform before 2022-06-06 allows XSS via the "next" parameter in the logout URL...
CVE-2020-8952
Fiserv Accurate Reconciliation 2.19.0, fixed in 3.0.0 or higher, allows XSS via the logout.jsp timeOut parameter...