17390 matches found
CVE-2026-57963
The CVE describes a vulnerability in Thunderbird’s chat UI where an attacker who can send HTML chat messages (via Matrix or XMPP) can inject arbitrary styled content, phishing links, and CSS that manipulates the chat UI. Affected product: Thunderbird (chat UI component). Root cause: HTML/CSS cont...
EUVD-2026-40862
An attacker who can send HTML chat messages via Matrix or XMPP can inject arbitrary styled content, phishing links, and CSS that manipulates the chat UI. This vulnerability was fixed in Thunderbird 152.0.1 and Thunderbird 140.12.1...
EUVD-2026-40419
Invoice Ninja through 5.13.26 contains an open redirect vulnerability in the client portal login that allows unauthenticated attackers to redirect authenticated victims to attacker-controlled external URLs by injecting a malicious value into the intended query parameter. Attackers can craft a...
CVE-2026-58450
Invoice Ninja through 5.13.26 contains an open redirect vulnerability in the client portal login that allows unauthenticated attackers to redirect authenticated victims to attacker-controlled external URLs by injecting a malicious value into the intended query parameter. Attackers can craft a...
CVE-2026-6954 Multiple vulnerabilities in Intermark IT's WebControl CMS
Cross-Site Scripting XSS vulnerability in Intermark IT's WebControl CMS v3.5. This vulnerability allows an attacker to execute JavaScript code or inject a dynamic iframe into the victim’s browser by sending a malicious URL via the 'urlDestino' parameter in '/portal.do'. This vulnerability can be...
CVE-2026-6954
Cross-Site Scripting XSS vulnerability in Intermark IT's WebControl CMS v3.5. This vulnerability allows an attacker to execute JavaScript code or inject a dynamic iframe into the victim’s browser by sending a malicious URL via the 'urlDestino' parameter in '/portal.do'. This vulnerability can be...
EUVD-2026-40271
Cross-Site Scripting XSS vulnerability in Intermark IT's WebControl CMS v3.5. This vulnerability allows an attacker to execute JavaScript code or inject a dynamic iframe into the victim’s browser by sending a malicious URL via the 'urlDestino' parameter in '/portal.do'. This vulnerability can be...
Mailcow < 2026-03b - Href Link Injection
mailcow 2026-03b reflects raw REQUESTURI into JavaScript and href links on the login page, allowing attackers to inject parameters that break JS logic and enable phishing. id: CVE-2026-40878 info: name: Mailcow 2026-03b - Href Link Injection author: ritikchaddha severity: low description: | mailc...
Babel - Open Redirect
Babel contains an open redirect vulnerability via redirect.php in the newurl parameter. An attacker can use any legitimate site using Babel to redirect user to a malicious site, thus possibly obtaining sensitive information, modifying data, and/or executing unauthorized operations. id:...
Eventum <3.4.0 - Open Redirect
Eventum before 3.4.0 contains an open redirect vulnerability. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations. id: CVE-2018-16761 info: name: Eventum 3.4.0 - Open Redirect author: 0xAkoko severity:...
WebsitePanel before v1.2.2.1 - Open Redirect
Open redirect vulnerability in the login page in WebsitePanel before 1.2.2.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in ReturnUrl to Default.aspx id: CVE-2012-4032 info: name: WebsitePanel before v1.2.2.1 - Open Redirect author:...
Nova noVNC - Open Redirect
Nova noVNC contains an open redirect vulnerability. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations. id: CVE-2021-3654 info: name: Nova noVNC - Open Redirect author: geeknik severity: medium...
TikiWiki CMS Groupware v8.3 - Open Redirect
tiki-featuredlink.php in TikiWiki CMS/Groupware 8.3 allows remote attackers to load arbitrary web site pages into frames and conduct phishing attacks via the url parameter, aka "frame injection id: CVE-2012-5321 info: name: TikiWiki CMS Groupware v8.3 - Open Redirect author: ctflearner severity:...
DotCMS < 5.0.2 - Open Redirect
dotCMS before 5.0.2 contains multiple open redirect vulnerabilities via the html/common/forwardjs.jsp FORWARDURL parameter or the html/portlet/ext/common/pagepreviewpopup.jsp hostname parameter. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify...
GLPI <9.4.6 - Open Redirect
GLPI prior 9.4.6 contains an open redirect vulnerability based on a regexp. id: CVE-2020-11034 info: name: GLPI 9.4.6 - Open Redirect author: pikpikcu severity: medium description: GLPI prior 9.4.6 contains an open redirect vulnerability based on a regexp. impact: | An attacker can exploit this...
Stable Diffusion Webui 1.10.0 - Open Redirect
An open redirect vulnerability exists in Stable-Diffusion-Webui 1.10.0, where the file parameter in the /file= endpoint can be manipulated to redirect users to malicious websites. This could facilitate phishing attacks by tricking users into visiting attacker-controlled URLs. id: CVE-2024-11044...
Rudloff alltube prior to 3.0.1 - Open Redirect
An open redirect vulnerability exists in Rudloff/alltube that could let an attacker construct a URL within the application that causes redirection to an arbitrary external domain via Packagist in versions prior to 3.0.1. id: CVE-2022-0692 info: name: Rudloff alltube prior to 3.0.1 - Open Redirect...
LabKey Server Community Edition <18.3.0 - Open Redirect
LabKey Server Community Edition before 18.3.0-61806.763 contains an open redirect vulnerability via the /r1/ returnURL parameter, which allows an attacker to redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations. id:...
ServiceNow - Cross-site Scripting
A XSS vulnerability was identified in the ServiceNow UI page assessmentredirect. To exploit this vulnerability, an attacker would need to persuade an authenticated user to click a maliciously crafted URL. Successful exploitation potentially could be used to conduct various client-side attacks,...
WordPress AcyMailing <7.5.0 - Open Redirect
WordPress AcyMailing plugin before 7.5.0 contains an open redirect vulnerability due to improper sanitization of the redirect parameter. An attacker turning the request from POST to GET can craft a link containing a potentially malicious landing page and send it to the user. id: CVE-2021-24288...