映射到 CWE-601 的搜索结果 (66)
[原文]Drupal core 7.x versions before 7.57 has an external link injection vulnerability when the language switcher block is used. A similar vulnerability exists in various custom and contributed modules. This vulnerability could allow an attacker to trick users into unwillingly navigating to an external site.
[原文]F-Secure Radar (on-premises) before 2018-02-15 has an Unvalidated Redirect via the ReturnUrl parameter that triggers upon a user login.
[原文]A Remote Unauthorized Disclosure of Information vulnerability in HPE IceWall Federation Agent version 3.0 was found.
[原文]Open redirect vulnerability in IBM Emptoris Sourcing 10.0.0.x before 10.0.0.1_iFix3, 10.0.1.x before 10.0.1.3_iFix3, 10.0.2.x before 10.0.2.8_iFix1, 10.0.4.0 before 10.0.4.0_iFix8, and 10.1.0.0 before 10.1.0.0_iFix3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. IBM X-Force ID: 111692.
[原文]SimpleSAMLphp before 1.15.2 allows remote attackers to bypass an open redirect protection mechanism via crafted authority data in a URL.
[原文]Open redirect vulnerability in GroupSession version 4.7.0 and earlier allows an attacker to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.