977282 matches found
PKP Open Journal Systems 2.4.8-3.3 - Cross-Site Scripting
PKP Open Journal Systems 2.4.8 to 3.3 contains a cross-site scripting vulnerability which allows remote attackers to inject arbitrary code via the X-Forwarded-Host Header. id: CVE-2022-24181 info: name: PKP Open Journal Systems 2.4.8-3.3 - Cross-Site Scripting author: lucasljm2001,ekrause severit...
OX Appsuite - Cross-Site Scripting
OX App Suite through 7.10.4 allows XSS via the app loading mechanism the PATHINFO to the /appsuite URI. id: CVE-2020-24701 info: name: OX Appsuite - Cross-Site Scripting author: DhiyaneshDk severity: medium description: | OX App Suite through 7.10.4 allows XSS via the app loading mechanism the...
Caddy 2.4.6 - Open Redirect
Caddy 2.4.6 contains an open redirect vulnerability. An attacker can redirect a user to a malicious site via a crafted URL and possibly obtain sensitive information, modify data, and/or execute unauthorized operations. id: CVE-2022-28923 info: name: Caddy 2.4.6 - Open Redirect author: Sascha...
Noptin < 1.6.5 - Open Redirect
Noptin 1.6.5 is susceptible to an open redirect vulnerability. The plugin does not validate the "to" parameter before redirecting the user to its given value, leading to an open redirect issue. id: CVE-2021-25033 info: name: Noptin 1.6.5 - Open Redirect author: dhiyaneshDk severity: medium...
Cisco Small Business 200,300 and 500 Series Switches - Open Redirect
Cisco Small Business 200,300 and 500 Series Switches contain an open redirect vulnerability in the Web UI. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations. id: CVE-2019-1943 info: name: Cisco Small...
Optergy Proton/Enterprise Building Management System - Open Redirect
Optergy Proton/Enterprise Building Management System contains an open redirect vulnerability. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations. id: CVE-2019-7275 info: name: Optergy Proton/Enterprise...
Seagate NAS OS 4.3.15.1 - Open Redirect
Seagate NAS OS 4.3.15.1 contains an open redirect vulnerability in echo-server.html, which can allow an attacker to disclose information in the referer header via the state URL parameter. id: CVE-2018-12300 info: name: Seagate NAS OS 4.3.15.1 - Open Redirect author: 0xAkoko severity: medium...
DotCMS < 5.0.2 - Open Redirect
dotCMS before 5.0.2 contains multiple open redirect vulnerabilities via the html/common/forwardjs.jsp FORWARDURL parameter or the html/portlet/ext/common/pagepreviewpopup.jsp hostname parameter. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify...
Flarum < 1.8.5 - Open Redirect
Flarum is open source discussion platform software. Prior to version 1.8.5, the Flarum /logout route includes a redirect parameter that allows any third party to redirect users from a trusted domain of the Flarum installation to redirect to any link. For logged-in users, the logout must be...
Travelpayouts <= 1.1.16 - Open Redirect
The plugin is vulnerable to Open Redirect due to insufficient validation on the travelpayoutsredirect variable. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action. id: CVE-2024-0337...
Twisted - Open Redirect & XSS
Twisted is an event-based framework for internet applications, supporting Python 3.6+. The Twisted web framework's redirectTo function is vulnerable to reflected XSS if an attacker can control the redirect URL. This template tests for an open redirect and XSS vulnerability in the URL parameter...
WordPress Themify Builder < 7.5.8 - Open Redirect
The Themify Builder WordPress plugin before version 7.5.8 contains an open redirect vulnerability. The plugin does not validate the tbredirectfail parameter before redirecting users to its value, which could allow attackers to redirect users to malicious websites. id: CVE-2024-3032 info: name:...
Gradio - Open Redirect
An open redirect vulnerability exists in the gradio-app/gradio, affecting the latest version. The vulnerability allows an attacker to redirect users to arbitrary websites, which can be exploited for phishing attacks, Cross-site Scripting XSS, Server-Side Request Forgery SSRF, amongst others. This...
JumpServer - Open Redirect via Referer Header
JumpServer is an open source bastion host and an operation and maintenance security audit system. Prior to v3.10.19 and v4.10.5, The /core/i18n// endpoint uses the Referer header as the redirection target without proper validation, which could lead to an Open Redirect vulnerability. id:...
Cacti < 1.2.25 Insecure Deserialization
Cacti is an open source operational monitoring and fault management framework. There are two instances of insecure deserialization in Cacti version 1.2.24. id: CVE-2023-30534 info: name: Cacti 1.2.25 Insecure Deserialization author: k0pak4 severity: medium description: | Cacti is an open source...
PrivateGPT < 0.5.0 - Open Redirect
An open redirect vulnerability exists in imartinez/privategpt version 0.5.0 due to improper handling of the 'file' parameter. This vulnerability allows attackers to redirect users to a URL specified by user-controlled input without proper validation or sanitization. id: CVE-2024-5936 info: name:...
WP Content Copy Protection & No Right Click - Open Redirect
The WP Content Copy Protection & No Right Click plugin before version 15.3 contains an open-redirect vulnerability via the referrer parameter in no-js.php, allowing redirection of users to external sites. id: CVE-2024-6690 info: name: WP Content Copy Protection & No Right Click - Open Redirect...
Keycloak - Open Redirect
A misconfiguration flaw was found in Keycloak. This issue can allow an attacker to redirect users to an arbitrary URL if a 'Valid Redirect URI' is set to http://localhost or http://127.0.0.1, enabling sensitive information such as authorization codes to be exposed to the attacker, potentially...
Zitadel - User Registration Bypass
The open-source identity infrastructure software Zitadel allows administrators to disable the user self-registration. Due to a missing security check in versions prior to 2.64.0, 2.63.5, 2.62.7, 2.61.4, 2.60.4, 2.59.5, and 2.58.7, disabling the "User Registration allowed" option only hid the...
User Registration & Membership WordPress plugin - Open Redirect
User Registration & Membership WordPress plugin = 5.1.4 contains an open redirect caused by insufficient validation of 'redirecttoonlogout' parameter, letting attackers redirect users to malicious external URLs after logout, exploit requires crafted URL. id: CVE-2026-6203 info: name: User...