Search results mapped to CWE-601 (76)

CVE-2018-8937 (Published: 2018-03-26 13:29:00) NM
CVSS 5.8

[Original] An issue was discovered in Open-AudIT Professional 2.1. It is possible to inject a malicious payload in the redirect_url parameter to the /login URI to trigger an open redirect. A "data:text/html;base64," payload can be used with JavaScript code.

CVE-2018-1220 (Published: 2018-03-08 10:29:00) NM
CVSS 5.8

[Original] EMC RSA Archer, versions prior to 6.2.0.8, contains a redirect vulnerability in the QuickLinks feature. A remote attacker may potentially exploit this vulnerability to redirect genuine users to phishing websites with the intent of obtaining sensitive information from the users.

CVE-2018-7473 (Published: 2018-03-07 10:29:00) NM
CVSS 5.8

[Original] Open redirect vulnerability in the SO Connect SO WIFI hotspot web interface, prior to version 140, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL.

CVE-2017-6932 (Published: 2018-03-01 18:29:00) NM
CVSS 5.8

[Original] Drupal core 7.x versions before 7.57 has an external link injection vulnerability when the language switcher block is used. A similar vulnerability exists in various custom and contributed modules. This vulnerability could allow an attacker to trick users into unwillingly navigating to an external site.

CVE-2015-3898 (Published: 2018-02-28 16:29:00) NMP
CVSS 5.8

[Original] Multiple open redirect vulnerabilities in Bonita BPM Portal before 6.5.3 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via vectors involving the redirectUrl parameter to (1) bonita/login.jsp or (2) bonita/loginservice.

CVE-2018-6324 (Published: 2018-02-15 23:29:00) NMS
CVSS 5.8

[Original] F-Secure Radar (on-premises) before 2018-02-15 has an Unvalidated Redirect via the ReturnUrl parameter that triggers upon a user login.
