Search results mapped to CWE-601 (81)

CVE-2016-4859 (Published: 2017-05-12 14:29:00) NM
CVSS 5.8

[Original] Open redirect vulnerability in Splunk Enterprise 6.4.x prior to 6.4.3, Splunk Enterprise 6.3.x prior to 6.3.6, Splunk Enterprise 6.2.x prior to 6.2.10, Splunk Enterprise 6.1.x prior to 6.1.11, Splunk Enterprise 6.0.x prior to 6.0.12, Splunk Enterprise 5.0.x prior to 5.0.16 and Splunk Light prior to 6.4.3 allows to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.

CVE-2016-4075 (Published: 2017-04-20 22:59:00) NMS
CVSS 5.8

[Original] Opera Mini 13 and Opera Stable 36 allow remote attackers to spoof the displayed URL via a crafted HTML document, related to the about:blank URL.

CVE-2016-1213 (Published: 2017-04-20 14:59:00) NMS
CVSS 5.8

[Original] The "Scheduler" function in Cybozu Garoon before 4.2.2 allows remote attackers to redirect users to arbitrary websites.

CVE-2016-0228 (Published: 2017-04-17 17:59:00) NMS
CVSS 4.9

[Original] IBM Marketing Platform 10.0 could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability in various scripts. An attacker could exploit this vulnerability to redirect a victim to arbitrary Web sites. IBM X-Force ID: 110236.

CVE-2016-4334 (Published: 2017-04-09 23:59:01) NM
CVSS 5.8

[Original] Jive before 2016.3.1 has an open redirect from the external-link.jspa page.

CVE-2017-7233 (Published: 2017-04-04 13:59:00) NMPS
CVSS 5.8

[Original] Django 1.10 before 1.10.7, 1.9 before 1.9.13, and 1.8 before 1.8.18 relies on user input in some cases to redirect the user to an "on success" URL. The security check for these redirects (namely ``django.utils.http.is_safe_url()``) considered some numeric URLs "safe" when they shouldn't be, aka an open redirect vulnerability. Also, if a developer relies on ``is_safe_url()`` to provide safe redirect targets and puts such a URL into a link, they could suffer from an XSS attack.
