Lucene search
K

977282 matches found

Nuclei
Nuclei
added yesterday263 views

PKP Open Journal Systems 2.4.8-3.3 - Cross-Site Scripting

PKP Open Journal Systems 2.4.8 to 3.3 contains a cross-site scripting vulnerability which allows remote attackers to inject arbitrary code via the X-Forwarded-Host Header. id: CVE-2022-24181 info: name: PKP Open Journal Systems 2.4.8-3.3 - Cross-Site Scripting author: lucasljm2001,ekrause severit...

6.1CVSS6.7AI score0.0608EPSS
Exploits3References5
Nuclei
Nuclei
added yesterday107 views

OX Appsuite - Cross-Site Scripting

OX App Suite through 7.10.4 allows XSS via the app loading mechanism the PATHINFO to the /appsuite URI. id: CVE-2020-24701 info: name: OX Appsuite - Cross-Site Scripting author: DhiyaneshDk severity: medium description: | OX App Suite through 7.10.4 allows XSS via the app loading mechanism the...

6.1CVSS6.4AI score0.06788EPSS
Exploits3References5
Nuclei
Nuclei
added yesterday157 views

Caddy 2.4.6 - Open Redirect

Caddy 2.4.6 contains an open redirect vulnerability. An attacker can redirect a user to a malicious site via a crafted URL and possibly obtain sensitive information, modify data, and/or execute unauthorized operations. id: CVE-2022-28923 info: name: Caddy 2.4.6 - Open Redirect author: Sascha...

6.1CVSS6.7AI score0.01431EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday52 views

Noptin < 1.6.5 - Open Redirect

Noptin 1.6.5 is susceptible to an open redirect vulnerability. The plugin does not validate the "to" parameter before redirecting the user to its given value, leading to an open redirect issue. id: CVE-2021-25033 info: name: Noptin 1.6.5 - Open Redirect author: dhiyaneshDk severity: medium...

6.1CVSS6.4AI score0.02682EPSS
Exploits2References4
Nuclei
Nuclei
added yesterday110 views

Cisco Small Business 200,300 and 500 Series Switches - Open Redirect

Cisco Small Business 200,300 and 500 Series Switches contain an open redirect vulnerability in the Web UI. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations. id: CVE-2019-1943 info: name: Cisco Small...

6.1CVSS6.2AI score0.1051EPSS
Exploits3References4
Nuclei
Nuclei
added yesterday44 views

Optergy Proton/Enterprise Building Management System - Open Redirect

Optergy Proton/Enterprise Building Management System contains an open redirect vulnerability. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations. id: CVE-2019-7275 info: name: Optergy Proton/Enterprise...

6.1CVSS6.8AI score0.09087EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday42 views

Seagate NAS OS 4.3.15.1 - Open Redirect

Seagate NAS OS 4.3.15.1 contains an open redirect vulnerability in echo-server.html, which can allow an attacker to disclose information in the referer header via the state URL parameter. id: CVE-2018-12300 info: name: Seagate NAS OS 4.3.15.1 - Open Redirect author: 0xAkoko severity: medium...

6.1CVSS6.3AI score0.02698EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday45 views

DotCMS < 5.0.2 - Open Redirect

dotCMS before 5.0.2 contains multiple open redirect vulnerabilities via the html/common/forwardjs.jsp FORWARDURL parameter or the html/portlet/ext/common/pagepreviewpopup.jsp hostname parameter. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify...

6.1CVSS6.3AI score0.03717EPSS
Exploits1References3
Nuclei
Nuclei
added yesterday33 views

Flarum < 1.8.5 - Open Redirect

Flarum is open source discussion platform software. Prior to version 1.8.5, the Flarum /logout route includes a redirect parameter that allows any third party to redirect users from a trusted domain of the Flarum installation to redirect to any link. For logged-in users, the logout must be...

6.5CVSS6.3AI score0.01067EPSS
Exploits0References3
Nuclei
Nuclei
added yesterday83 views

Travelpayouts <= 1.1.16 - Open Redirect

The plugin is vulnerable to Open Redirect due to insufficient validation on the travelpayoutsredirect variable. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action. id: CVE-2024-0337...

6.1CVSS6AI score0.00891EPSS
Exploits2References2
Nuclei
Nuclei
added yesterday39 views

Twisted - Open Redirect & XSS

Twisted is an event-based framework for internet applications, supporting Python 3.6+. The Twisted web framework's redirectTo function is vulnerable to reflected XSS if an attacker can control the redirect URL. This template tests for an open redirect and XSS vulnerability in the URL parameter...

6.1CVSS6.2AI score0.01176EPSS
Exploits0References2
Nuclei
Nuclei
added yesterday42 views

WordPress Themify Builder < 7.5.8 - Open Redirect

The Themify Builder WordPress plugin before version 7.5.8 contains an open redirect vulnerability. The plugin does not validate the tbredirectfail parameter before redirecting users to its value, which could allow attackers to redirect users to malicious websites. id: CVE-2024-3032 info: name:...

6.1CVSS5.9AI score0.00823EPSS
Exploits2References2
Nuclei
Nuclei
added yesterday52 views

Gradio - Open Redirect

An open redirect vulnerability exists in the gradio-app/gradio, affecting the latest version. The vulnerability allows an attacker to redirect users to arbitrary websites, which can be exploited for phishing attacks, Cross-site Scripting XSS, Server-Side Request Forgery SSRF, amongst others. This...

6.1CVSS6.2AI score0.01021EPSS
Exploits1References1
Nuclei
Nuclei
added yesterday11 views

JumpServer - Open Redirect via Referer Header

JumpServer is an open source bastion host and an operation and maintenance security audit system. Prior to v3.10.19 and v4.10.5, The /core/i18n// endpoint uses the Referer header as the redirection target without proper validation, which could lead to an Open Redirect vulnerability. id:...

6.9CVSS5.9AI score0.00442EPSS
Exploits0References3
Nuclei
Nuclei
added yesterday73 views

Cacti < 1.2.25 Insecure Deserialization

Cacti is an open source operational monitoring and fault management framework. There are two instances of insecure deserialization in Cacti version 1.2.24. id: CVE-2023-30534 info: name: Cacti 1.2.25 Insecure Deserialization author: k0pak4 severity: medium description: | Cacti is an open source...

4.3CVSS6.7AI score0.02569EPSS
Exploits1References5
Nuclei
Nuclei
added yesterday58 views

PrivateGPT < 0.5.0 - Open Redirect

An open redirect vulnerability exists in imartinez/privategpt version 0.5.0 due to improper handling of the 'file' parameter. This vulnerability allows attackers to redirect users to a URL specified by user-controlled input without proper validation or sanitization. id: CVE-2024-5936 info: name:...

6.1CVSS6AI score0.28925EPSS
Exploits1References3
Nuclei
Nuclei
added yesterday23 views

WP Content Copy Protection & No Right Click - Open Redirect

The WP Content Copy Protection & No Right Click plugin before version 15.3 contains an open-redirect vulnerability via the referrer parameter in no-js.php, allowing redirection of users to external sites. id: CVE-2024-6690 info: name: WP Content Copy Protection & No Right Click - Open Redirect...

6.1CVSS5.9AI score0.00473EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday93 views

Keycloak - Open Redirect

A misconfiguration flaw was found in Keycloak. This issue can allow an attacker to redirect users to an arbitrary URL if a 'Valid Redirect URI' is set to http://localhost or http://127.0.0.1, enabling sensitive information such as authorization codes to be exposed to the attacker, potentially...

6.1CVSS6AI score0.01959EPSS
Exploits0References2
Nuclei
Nuclei
added yesterday67 views

Zitadel - User Registration Bypass

The open-source identity infrastructure software Zitadel allows administrators to disable the user self-registration. Due to a missing security check in versions prior to 2.64.0, 2.63.5, 2.62.7, 2.61.4, 2.60.4, 2.59.5, and 2.58.7, disabling the "User Registration allowed" option only hid the...

7.5CVSS7.1AI score0.02572EPSS
Exploits0References2
Nuclei
Nuclei
added yesterday10 views

User Registration & Membership WordPress plugin - Open Redirect

User Registration & Membership WordPress plugin = 5.1.4 contains an open redirect caused by insufficient validation of 'redirecttoonlogout' parameter, letting attackers redirect users to malicious external URLs after logout, exploit requires crafted URL. id: CVE-2026-6203 info: name: User...

6.1CVSS5.9AI score0.00663EPSS
Exploits0References2
Rows per page
Query Builder