
24 matches found

Snyk
added 2025/10/30 5:08 p.m., 3 views

Open Redirect

Overview: Affected versions of this package are vulnerable to Open Redirect via the redir parameter when using subrequest authentication mode. An attacker can cause users to be redirected to arbitrary URLs by supplying crafted values to the redir parameter, potentially triggering dangerous...

CVSS 5.1, AI score 7.2, EPSS 0.00473
Exploits 0, References 2
Github Security Blog
added 2025/10/30 5:08 p.m., 9 views

Anubis vulnerable to possible XSS via redir parameter when using subrequest auth mode

Summary: When using subrequest authentication, Anubis did not perform validation of the redirect URL and redirects the user to any URL scheme. While most modern browsers do not allow a redirect to javascript: URLs, it could still trigger dangerous behavior in some cases. GET...

CVSS 5.1, AI score 6.9, EPSS 0.00473
Exploits 0, References 5, Affected Software 1
EUVD
added 2025/10/07 12:30 a.m., 7 views

EUVD-2007-5452

Malware in sbrugna...

CVSS 4.3, AI score 6.4, EPSS 0.01223
Exploits 0, References 8
SUSE CVE
added 2025/10/02 11:22 p.m., 4 views

SUSE CVE-2025-61587

Weblate is a web based localization tool. An open redirect exists in versions 5.13.2 and below via the redir parameter on .within.website when Weblate is configured with Anubis and REDIRECTDOMAINS is not set. An attacker can craft a URL on the legitimate domain that redirects a victim to an...

CVSS 6.1, AI score 6.8, EPSS 0.00357
Exploits 1, References 3
NVD
added 2025/10/01 10:15 p.m., 4 views

CVE-2025-61587

Weblate is a web based localization tool. An open redirect exists in versions 5.13.2 and below via the redir parameter on .within.website when Weblate is configured with Anubis and REDIRECTDOMAINS is not set. An attacker can craft a URL on the legitimate domain that redirects a victim to an...

CVSS 6.1, EPSS 0.00357
Exploits 1, References 4
Vulnrichment
added 2025/10/01 10:01 p.m., 3 views

CVE-2025-61587 Weblate integration with Anubis can lead to Open Redirect via redir parameter

Weblate is a web based localization tool. An open redirect exists in versions 5.13.2 and below via the redir parameter on .within.website when Weblate is configured with Anubis and REDIRECTDOMAINS is not set. An attacker can craft a URL on the legitimate domain that redirects a victim to an...

CVSS 2.1, AI score 6.3, EPSS 0.00357
Exploits 1, References 4
CNNVD
added 2025/10/01 12:00 a.m., 4 views

Weblate security vulnerability

Weblate is a copyleft, open-source, web-based continuous localization system. A security vulnerability exists in Weblate 5.13.2 and earlier versions; it stems from an open redirect in the redir parameter that can result in a redirect to an attacker-controlled site...

CVSS 6.1, AI score 6.5, EPSS 0.00357
Exploits 1, References 4
RedhatCVE
added 2025/05/22 11:39 p.m., 4 views
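The Anubis and Weblate entries above describe one weakness: a client-supplied redir value handed to a redirect without any check on its scheme or host, made worse when no redirect-domain allowlist is configured. The Go program below is an added illustration, not code from Anubis, Weblate or any of the listed advisories. It shows the checks a post-authentication redirect handler needs: relative targets only with a single leading slash, absolute targets only over http(s) and only to an allowlisted domain (the role the REDIRECTDOMAINS setting plays in the Weblate advisory), and rejection of everything else, including javascript: URLs, protocol-relative //host URLs and userinfo tricks. The allowlist value, the function name safeRedirect and the sample inputs are constructed for the example.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// allowedRedirectDomains is a constructed stand-in for an operator-configured
// allowlist of hosts that post-authentication redirects may go to. An entry
// matches the host itself and any of its subdomains.
var allowedRedirectDomains = []string{"example.org"}

// safeRedirect validates a client-supplied redirect target. It returns the
// target to use and true, or "" and false if the value must be ignored
// (callers should then fall back to a fixed default such as "/").
func safeRedirect(redir string, allowed []string) (string, bool) {
	u, err := url.Parse(redir)
	if err != nil {
		return "", false
	}

	// Relative target: the common legitimate case. Require exactly one leading
	// slash. "//evil.example/..." is a protocol-relative URL that browsers
	// resolve against the attacker's host, and "/\evil.example" is normalised
	// to the same thing by some browsers.
	if u.Scheme == "" && u.Host == "" {
		p := u.Path
		if strings.HasPrefix(p, "/") && !strings.HasPrefix(p, "//") && !strings.HasPrefix(p, "/\\") {
			return u.String(), true
		}
		return "", false
	}

	// Absolute target: only http(s). This rejects javascript:, data: and any
	// other scheme, and also protocol-relative URLs, which net/url parses with
	// an empty scheme but a non-empty host.
	if u.Scheme != "http" && u.Scheme != "https" {
		return "", false
	}

	// Compare the host only (userinfo and port stripped), so
	// "https://example.org@evil.example/" is judged by "evil.example".
	host := strings.ToLower(u.Hostname())
	if host == "" {
		return "", false
	}
	for _, d := range allowed {
		d = strings.ToLower(strings.TrimPrefix(d, "."))
		if host == d || strings.HasSuffix(host, "."+d) {
			return u.String(), true
		}
	}
	// With an empty allowlist every absolute URL is rejected, which is the
	// safe behaviour for the "allowlist not set" situation.
	return "", false
}

func main() {
	// Constructed sample values a redir parameter might carry.
	samples := []string{
		"/dashboard",
		"https://example.org/projects/?after=login",
		"https://app.example.org/",
		"https://example.org.evil.example/",
		"https://evil.example/phish",
		"//evil.example/phish",
		"javascript:alert(document.domain)",
		"https://example.org@evil.example/",
	}
	for _, s := range samples {
		target, ok := safeRedirect(s, allowedRedirectDomains)
		if ok {
			fmt.Printf("allow  %-45s -> %s\n", s, target)
		} else {
			fmt.Printf("reject %-45s\n", s)
		}
	}
}
```

The suffix match is done on the parsed hostname rather than with a substring search on the raw string, which is why "https://example.org.evil.example/" and "https://example.org@evil.example/" are both refused even though each contains the allowlisted name.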

CVE-2022-41334

An improper neutralization of input during web page generation (CWE-79) vulnerability in FortiOS versions 7.0.0 to 7.0.7 and 7.2.0 to 7.2.3 may allow a remote, unauthenticated attacker to launch a cross site scripting (XSS) attack via the "redir" parameter of the URL seen when the "Sign in with...

CVSS 8.8, AI score 5.8, EPSS 0.00656
Exploits 0, References 1
Tenable Nessus
added 2023/04/13 12:00 a.m., 58 views

Fortinet Fortigate xss (FG-IR-22-224)

The version of Fortigate installed on the remote host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-22-224 advisory. - An improper neutralization of input during web page generation (CWE-79) vulnerability in FortiOS versions 7.0.0 to 7.0.7 and...

CVSS 8.8, AI score 5.8, EPSS 0.00656
Exploits 0, References 2
OSV
added 2023/02/16 7:15 p.m., 2 views

CVE-2022-41334

An improper neutralization of input during web page generation (CWE-79) vulnerability in FortiOS versions 7.0.0 to 7.0.7 and 7.2.0 to 7.2.3 may allow a remote, unauthenticated attacker to launch a cross site scripting (XSS) attack via the "redir" parameter of the URL seen when the "Sign in with...

CVSS 6.1, AI score 5.3, EPSS 0.00656
Exploits 0, References 1
CNVD
added 2021/01/15 12:00 a.m., 2 views

FortiWeb Format String Vulnerability

FortiWeb is a Web Application Firewall (WAF) that protects hosted web applications from attacks targeting known and unknown vulnerabilities. A format string vulnerability exists in FortiWeb 6.3.0 - 6.3.5. A remote attacker can exploit this vulnerability to read the contents of memory and retrieve...

CVSS 8.8, AI score 7, EPSS 0.02028
Exploits 0, References 1
OSV
added 2021/01/14 4:15 p.m., 3 views

CVE-2020-29018

A format string vulnerability in FortiWeb 6.3.0 through 6.3.5 may allow an authenticated, remote attacker to read the content of memory and retrieve sensitive data via the redir parameter...

CVSS 8.8, AI score 7.3, EPSS 0.02028
Exploits 0, References 1
NVD
added 2021/01/14 4:15 p.m., 21 views

CVE-2020-29018

A format string vulnerability in FortiWeb 6.3.0 through 6.3.5 may allow an authenticated, remote attacker to read the content of memory and retrieve sensitive data via the redir parameter...

CVSS 8.8, AI score 8.5, EPSS 0.02028
Exploits 0, References 1
Cvelist
added 2021/01/14 4:06 p.m., 19 views

CVE-2020-29018

A format string vulnerability in FortiWeb 6.3.0 through 6.3.5 may allow an authenticated, remote attacker to read the content of memory and retrieve sensitive data via the redir parameter...

AI score 8.5, EPSS 0.02028
Exploits 0, References 1
CNNVD
added 2021/01/06 12:00 a.m., 4 views

Fortinet FortiWeb format string vulnerability

FortiWeb is a Web Application Firewall (WAF) that protects hosted web applications from attacks targeting known and unknown vulnerabilities. A format string vulnerability exists in FortiWeb 6.3.0 - 6.3.5. A remote attacker can exploit this vulnerability to read the contents of memory and retrieve...

CVSS 8.8, AI score 7.3, EPSS 0.02028
Exploits 0, References 3
Fortinet
added 2021/01/04 12:00 a.m., 27 views

FortiWeb is vulnerable to a format string vulnerability

A format string vulnerability in FortiWeb may allow an authenticated, remote attacker to read the content of memory and retrieve sensitive data via the redir parameter...

CVSS 6.5, AI score 8.2, EPSS 0.02028
Exploits 0, Affected Software 1
BDU FSTEC
added 2018/10/31 12:00 a.m., 5 views

The vulnerability in the FortiOS operating system’s web interface arises from the lack of protective measures for the web page structure, allowing attackers to inject arbitrary JavaScript or HTML code.

The vulnerability in the FortiOS operating system’s web interface arises from insufficient protection of the web page structure. Exploiting this vulnerability allows a malicious actor to inject arbitrary JavaScript or HTML code using a specially crafted value for the “redir” parameter...

CVSS 6.1, AI score 5.7, EPSS 0.0128
Exploits 0, References 4, Affected Software 1
BDU FSTEC
added 2018/10/31 12:00 a.m., 4 views

The vulnerability in the FortiOS operating system’s web portal allows a hacker to inject any desired JavaScript or HTML code.

The vulnerability of the FortiOS operating system’s web portal stems from insufficient protection of the web page structure. Exploiting this vulnerability allows a malicious actor to inject arbitrary JavaScript or HTML code using a specially crafted value for the “redir” parameter...

CVSS 5.4, AI score 5.7, EPSS 0.03718
Exploits 2, References 4, Affected Software 1
NVD
added 2018/02/09 10:29 p.m., 22 views

CVE-2012-6346

Multiple cross-site scripting (XSS) vulnerabilities in FortiWeb before 4.4.4 allow remote attackers to inject arbitrary web script or HTML via the (1) redir or (2) mkey parameter to waf/pcreexpression/validate...

CVSS 6.1, AI score 6.1, EPSS 0.00776
Exploits 0, References 2
Prion
added 2018/02/09 10:29 p.m., 15 views

Cross site scripting

Multiple cross-site scripting (XSS) vulnerabilities in FortiWeb before 4.4.4 allow remote attackers to inject arbitrary web script or HTML via the (1) redir or (2) mkey parameter to waf/pcreexpression/validate...

CVSS 4.3, AI score 6, EPSS 0.00776
Exploits 0, References 2, Affected Software 1