Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
open redirect vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2014-6316
core/string_api.php in MantisBT prior to 1.2.18 does not properly categorize URLs when running under the web root, which allows remote malicious users to conduct open redirect and phishing attacks via a crafted URL in the return parameter to login_page.php.
Mantisbt Mantisbt
8.8
CVSSv3
CVE-2019-12784
An issue exists in Verint Impact 360 15.1. At wfo/control/signin, the login form can accept submissions from external websites. In conjunction with CVE-2019-12783, this can be used by malicious users to "crowdsource" bruteforce login attempts on the target site, allowin...
Verint Impact 360 15.1
NA
CVE-2015-3897
Directory traversal vulnerability in Bonita BPM Portal prior to 6.5.3 allows remote malicious users to read arbitrary files via a .. (dot dot) in the theme parameter and a file path in the location parameter to bonita/portal/themeResource.
Bonitasoft Bonita Bpm Portal
1 EDB exploit
6.1
CVSSv3
CVE-2015-3898
Multiple open redirect vulnerabilities in Bonita BPM Portal prior to 6.5.3 allow remote malicious users to redirect users to arbitrary web sites and conduct phishing attacks via vectors involving the redirectUrl parameter to (1) bonita/login.jsp or (2) bonita/loginservice.
Bonitasoft Bonita Bpm Portal
1 EDB exploit
4.8
CVSSv3
CVE-2021-34763
Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an malicious user to execute a cross-site scripting (XSS) attack or an open redirect attack. For more information about these vulnerabilities, see the De...
Cisco Firepower Management Center Virtual Appliance 6.1.0
Cisco Firepower Management Center Virtual Appliance 6.2.0
Cisco Firepower Management Center Virtual Appliance 6.2.3
Cisco Sourcefire Defense Center 6.4.0
Cisco Sourcefire Defense Center 6.5.0
Cisco Sourcefire Defense Center 6.6.0
Cisco Firepower Threat Defense
Cisco Firepower Management Center Virtual Appliance 6.3.0
Cisco Sourcefire Defense Center 6.1.0
Cisco Sourcefire Defense Center 6.2.0
Cisco Sourcefire Defense Center 6.2.3
Cisco Sourcefire Defense Center 6.3.0
Cisco Sourcefire Defense Center 7.1.0
Cisco Firepower Management Center Virtual Appliance 7.1.0
Cisco Sourcefire Defense Center 6.6.1
Cisco Sourcefire Defense Center 6.7.0
Cisco Sourcefire Defense Center 7.0.0
Cisco Firepower Management Center Virtual Appliance 6.4.0
Cisco Firepower Management Center Virtual Appliance 6.5.0
Cisco Firepower Management Center Virtual Appliance 6.6.0
Cisco Firepower Management Center Virtual Appliance 6.6.1
Cisco Firepower Management Center Virtual Appliance 6.7.0
6.1
CVSSv3
CVE-2021-34764
Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an malicious user to execute a cross-site scripting (XSS) attack or an open redirect attack. For more information about these vulnerabilities, see the De...
Cisco Firepower Management Center Virtual Appliance 6.1.0
Cisco Firepower Management Center Virtual Appliance 6.2.0
Cisco Firepower Management Center Virtual Appliance 6.2.3
Cisco Sourcefire Defense Center 6.4.0
Cisco Sourcefire Defense Center 6.5.0
Cisco Sourcefire Defense Center 6.6.0
Cisco Firepower Threat Defense
Cisco Firepower Management Center Virtual Appliance 6.3.0
Cisco Sourcefire Defense Center 6.1.0
Cisco Sourcefire Defense Center 6.2.0
Cisco Sourcefire Defense Center 6.2.3
Cisco Sourcefire Defense Center 6.3.0
Cisco Sourcefire Defense Center 7.1.0
Cisco Firepower Management Center Virtual Appliance 7.1.0
Cisco Sourcefire Defense Center 6.6.1
Cisco Sourcefire Defense Center 6.7.0
Cisco Sourcefire Defense Center 7.0.0
Cisco Firepower Management Center Virtual Appliance 6.4.0
Cisco Firepower Management Center Virtual Appliance 6.5.0
Cisco Firepower Management Center Virtual Appliance 6.6.0
Cisco Firepower Management Center Virtual Appliance 6.6.1
Cisco Firepower Management Center Virtual Appliance 6.7.0
NA
CVE-2012-1023
Open redirect vulnerability in admin/index.php in 4images 1.7.10 allows remote malicious users to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirect parameter.
4homepages 4images 1.7.10
1 EDB exploit
6.1
CVSSv3
CVE-2021-22872
Revive Adserver prior to 5.1.0 is vulnerable to a reflected cross-site scripting (XSS) vulnerability via the publicly accessible afr.php delivery script. While this issue was previously addressed in modern browsers as CVE-2020-8115, some older browsers (e.g., IE10) that do not au...
Revive-adserver Revive Adserver
6.8
CVSSv3
CVE-2016-5304
Open redirect vulnerability in a report-routing component in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
Symantec Endpoint Protection Manager
1 EDB exploit
4.8
CVSSv3
CVE-2021-22871
Revive Adserver prior to 5.1.0 permits any user with a manager account to store possibly malicious content in the URL website property, which is then displayed unsanitized in the affiliate-preview.php tag generation screen, leading to a persistent cross-site scripting (XSS) vulne...
Revive-adserver Revive Adserver
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-23316
SQL injection
type confusion
CVE-2024-20697
CVE-2024-4344
local
CVE-2024-30043
CVE-2024-3821
CVE-2024-5041
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »