CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.
CVE-2026-11477 (GCVE-0-2026-11477)
Vulnerability from cvelistv5 – Published: 2026-06-08 01:45 – Updated: 2026-06-08 13:42 X_Open Source- CWE-601 - Open Redirect
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/369097 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/369097/cti | signaturepermissions-required |
| https://vuldb.com/cve/CVE-2026-11477 | third-party-advisory |
| https://vuldb.com/submit/833962 | third-party-advisory |
| https://github.com/hs-web/hsweb-framework/issues/354 | exploitissue-tracking |
| https://github.com/hs-web/hsweb-framework/pull/355 | issue-trackingpatch |
| https://github.com/hs-web/hsweb-framework/commit/… | patch |
| https://github.com/hs-web/hsweb-framework/ | product |
| Vendor | Product | Version | |
|---|---|---|---|
| hs-web | hsweb-framework |
Affected:
5.0.0
Affected: 5.0.1 cpe:2.3:a:hs-web:hsweb-framework:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-11477",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-08T13:42:34.624757Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-08T13:42:42.500Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:hs-web:hsweb-framework:*:*:*:*:*:*:*:*"
],
"modules": [
"OAuth2 Client"
],
"product": "hsweb-framework",
"vendor": "hs-web",
"versions": [
{
"status": "affected",
"version": "5.0.0"
},
{
"status": "affected",
"version": "5.0.1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "0Xrry (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was detected in hs-web hsweb-framework up to 5.0.1. This affects the function OAuth2Client of the file hsweb-authorization/hsweb-authorization-oauth2/src/main/java/org/hswebframework/web/oauth2/server/OAuth2Client.java of the component OAuth2 Client. The manipulation results in open redirect. The attack can be executed remotely. The exploit is now public and may be used. The patch is identified as c2882679a9125cea52678151af5ae213cbd52579. Applying a patch is advised to resolve this issue."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 5,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N/E:POC/RL:OF/RC:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-601",
"description": "Open Redirect",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-08T01:45:11.512Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-369097 | hs-web hsweb-framework OAuth2 Client OAuth2Client.java OAuth2Client redirect",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/369097"
},
{
"name": "VDB-369097 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/369097/cti"
},
{
"name": "CVE-2026-11477 | CVE Analysis and Report",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/cve/CVE-2026-11477"
},
{
"name": "Submit #833962 | GitHub hsweb-framework 5.0.0 Open Redirect",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/833962"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/hs-web/hsweb-framework/issues/354"
},
{
"tags": [
"issue-tracking",
"patch"
],
"url": "https://github.com/hs-web/hsweb-framework/pull/355"
},
{
"tags": [
"patch"
],
"url": "https://github.com/hs-web/hsweb-framework/commit/c2882679a9125cea52678151af5ae213cbd52579"
},
{
"tags": [
"product"
],
"url": "https://github.com/hs-web/hsweb-framework/"
}
],
"tags": [
"x_open-source"
],
"timeline": [
{
"lang": "en",
"time": "2026-06-07T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-06-07T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-06-07T11:45:30.000Z",
"value": "VulDB entry last update"
}
],
"title": "hs-web hsweb-framework OAuth2 Client OAuth2Client.java OAuth2Client redirect"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-11477",
"datePublished": "2026-06-08T01:45:11.512Z",
"dateReserved": "2026-06-07T09:40:18.483Z",
"dateUpdated": "2026-06-08T13:42:42.500Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-11502 (GCVE-0-2026-11502)
Vulnerability from cvelistv5 – Published: 2026-06-08 09:30 – Updated: 2026-06-09 14:52- CWE-601 - Open Redirect
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/369122 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/369122/cti | signaturepermissions-required |
| https://vuldb.com/cve/CVE-2026-11502 | third-party-advisory |
| https://vuldb.com/submit/835622 | third-party-advisory |
| https://github.com/jeecgboot/JeecgBoot/issues/9639 | exploitissue-tracking |
| https://github.com/jeecgboot/JeecgBoot/issues/963… | issue-tracking |
| https://github.com/jeecgboot/JeecgBoot/ | product |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-11502",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-09T14:51:56.005890Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-09T14:52:09.835Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:jeecgboot:jeecgboot:*:*:*:*:*:*:*:*"
],
"modules": [
"Third-Party Login"
],
"product": "JeecgBoot",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "3.9.0"
},
{
"status": "affected",
"version": "3.9.1"
},
{
"status": "affected",
"version": "3.9.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "mukyuuhate (VulDB User)"
},
{
"lang": "en",
"type": "coordinator",
"value": "VulDB CNA Team"
}
],
"descriptions": [
{
"lang": "en",
"value": "A weakness has been identified in JeecgBoot up to 3.9.2. Impacted is the function HttpServletResponse.sendRedirect of the file jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/ThirdLoginController.java of the component Third-Party Login. This manipulation of the argument state causes open redirect. The attack can be initiated remotely. A high degree of complexity is needed for the attack. The exploitability is considered difficult. The exploit has been made available to the public and could be used for attacks. The project replied: \"After evaluation, this vulnerability has low exploitability in real-world scenarios: 1) Exploiting this vulnerability requires attackers to use social engineering techniques to induce victims to actively click on an OAuth login link constructed by the attacker; it cannot be triggered passively. 2) Third-party login (DingTalk/WeChat, etc.) is an optional feature and may not be enabled in most projects.\""
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 2.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 3.1,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:C",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 3.1,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:C",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 2.6,
"vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N/E:POC/RL:ND/RC:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-601",
"description": "Open Redirect",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-08T09:30:10.474Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-369122 | JeecgBoot Third-Party Login ThirdLoginController.java HttpServletResponse.sendRedirect redirect",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/369122"
},
{
"name": "VDB-369122 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/369122/cti"
},
{
"name": "CVE-2026-11502 | CVE Analysis and Report",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/cve/CVE-2026-11502"
},
{
"name": "Submit #835622 | https://github.com/jeecgboot/JeecgBoot JeecgBoot v3.9.2 Open Redirect",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/835622"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/jeecgboot/JeecgBoot/issues/9639"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/jeecgboot/JeecgBoot/issues/9639#issuecomment-4544271822"
},
{
"tags": [
"product"
],
"url": "https://github.com/jeecgboot/JeecgBoot/"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-06-07T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-06-07T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-06-07T15:53:54.000Z",
"value": "VulDB entry last update"
}
],
"title": "JeecgBoot Third-Party Login ThirdLoginController.java HttpServletResponse.sendRedirect redirect"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-11502",
"datePublished": "2026-06-08T09:30:10.474Z",
"dateReserved": "2026-06-07T13:48:50.936Z",
"dateUpdated": "2026-06-09T14:52:09.835Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-1166 (GCVE-0-2026-1166)
Vulnerability from cvelistv5 – Published: 2026-03-25 02:07 – Updated: 2026-03-25 13:30- CWE-601 - URL redirection to untrusted site ('open redirect')
| URL | Tags |
|---|---|
| https://www.hitachi.com/products/it/software/secu… | vendor-advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| Hitachi | Hitachi Ops Center Administrator |
Affected:
10.2.0 , < 11.0.8
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-1166",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-25T13:30:17.223904Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-25T13:30:24.956Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Linux"
],
"product": "Hitachi Ops Center Administrator",
"vendor": "Hitachi",
"versions": [
{
"changes": [
{
"at": "11.0.8",
"status": "unaffected"
}
],
"lessThan": "11.0.8",
"status": "affected",
"version": "10.2.0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Open Redirect vulnerability in Hitachi Ops Center Administrator.\u003cp\u003eThis issue affects Hitachi Ops Center Administrator: from 10.2.0 before 11.0.8.\u003c/p\u003e"
}
],
"value": "Open Redirect vulnerability in Hitachi Ops Center Administrator.This issue affects Hitachi Ops Center Administrator: from 10.2.0 before 11.0.8."
}
],
"impacts": [
{
"capecId": "CAPEC-98",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-98 Phishing"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-601",
"description": "CWE-601 URL redirection to untrusted site (\u0027open redirect\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-25T02:07:10.895Z",
"orgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
"shortName": "Hitachi"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2026-113/index.html"
}
],
"source": {
"advisory": "hitachi-sec-2026-113",
"discovery": "UNKNOWN"
},
"title": "Open Redirect Vulnerability in Hitachi Ops Center Administrator",
"x_generator": {
"engine": "Vulnogram 1.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
"assignerShortName": "Hitachi",
"cveId": "CVE-2026-1166",
"datePublished": "2026-03-25T02:07:10.895Z",
"dateReserved": "2026-01-19T05:00:10.434Z",
"dateUpdated": "2026-03-25T13:30:24.956Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-12049 (GCVE-0-2026-12049)
Vulnerability from cvelistv5 – Published: 2026-06-18 23:37 – Updated: 2026-06-22 14:39- CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')
| URL | Tags |
|---|---|
| https://github.com/pgadmin-org/pgadmin4/issues/10028 | issue-tracking |
| https://github.com/pgadmin-org/pgadmin4/commit/ff… | patch |
| Vendor | Product | Version | |
|---|---|---|---|
| pgadmin.org | pgAdmin 4 |
Affected:
6.0 , < 9.16
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-12049",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-22T14:39:40.324350Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-22T14:39:56.925Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"Authentication",
"Multi-Factor Authentication"
],
"product": "pgAdmin 4",
"programFiles": [
"https://github.com/pgadmin-org/pgadmin4/blob/master/web/pgadmin/authenticate/mfa/views.py"
],
"repo": "https://github.com/pgadmin-org/pgadmin4",
"vendor": "pgadmin.org",
"versions": [
{
"lessThan": "9.16",
"status": "affected",
"version": "6.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Mai Ph\u1ea1m Hi\u1ec1n \u003cmai.phamhien171@gmail.com\u003e"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Dave Page \u003cpage@pgadmin.org\u003e"
},
{
"lang": "en",
"type": "remediation reviewer",
"value": "Kundan Sable \u003ckundan.sable@enterprisedb.com\u003e"
}
],
"descriptions": [
{
"lang": "en",
"value": "Open redirect in pgAdmin 4\u0027s multi-factor authentication flow. The MFA validate and register endpoints honoured the user-supplied \u0027next\u0027 query/form parameter without confirming the target pointed back inside pgAdmin, so an authenticated victim who clicked /mfa/validate?next=\u003cexternal\u003e -- a link typically delivered by phishing -- would be sent to an attacker-controlled host directly out of the trusted auth flow.\n\nThe defect is a trusted-domain redirect, not a privilege bypass: the attacker gains no read/write access to pgAdmin or the victim\u0027s database, but the redirect launders the attacker\u0027s destination through pgAdmin\u0027s URL, which raises the success rate of credential-phishing follow-on against the victim.\n\nFix introduces a same-origin _is_safe_redirect_url helper and gates every MFA redirect that consumes user-supplied \u0027next\u0027 values through it. The helper allows only relative paths and absolute URLs whose scheme is http(s) and whose host matches the current request host; it rejects external hosts in absolute and protocol-relative form, non-http schemes (javascript:, data:, mailto:), userinfo tricks (http://localhost@attacker/), and backslash variants that some browsers normalize to forward slashes. Unsafe targets fall back to the internal browser index. A dedicated regression test exercises each accept/reject category and the original reporter PoC.\n\nThis issue affects pgAdmin 4: from 6.0 before 9.16."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "Attacker delivers a crafted /mfa/validate?next=\u003cexternal\u003e URL to a logged-in pgAdmin user (typically via phishing). The endpoint requires login_required so the victim must already be authenticated to pgAdmin -- but the *attacker* needs no pgAdmin privileges at all to construct and deliver the link (PR:N). UI:R captures the click. Scope is unchanged: the defect does not grant the attacker access to pgAdmin\u0027s authority or the victim\u0027s database session; it only launders the attacker\u0027s destination through pgAdmin\u0027s URL, which raises credential-phishing success rates. C:N and A:N follow from the same reasoning; I:L acknowledges the integrity impact of an authenticated-flow redirect that lends pgAdmin\u0027s trust to an attacker domain.\n\nReviewer note (Dave Page, 2026-06-11): defensible at 4.3 for a token-free open redirect. Heads-up that NVD house style for open redirects often lands at S:C/C:L/I:L -\u003e 6.1, so expect a possible upward rescore by the NVD analyst."
}
]
},
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "Same reasoning as the CVSS 3.1 entry: the attacker needs no pgAdmin privileges to craft the link, the victim must click it (UI:P), and the defect grants no new vulnerable-system or subsequent-system capability beyond a trusted-domain redirect that aids downstream phishing (VI:L only)."
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-601",
"description": "CWE-601 URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-18T23:37:43.328Z",
"orgId": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007",
"shortName": "PostgreSQL"
},
"references": [
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/pgadmin-org/pgadmin4/issues/10028"
},
{
"tags": [
"patch"
],
"url": "https://github.com/pgadmin-org/pgadmin4/commit/fff6a481854b07822c2b54e8181e6a9076d204cd"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "pgAdmin 4: Open redirect in multi-factor authentication flow via unvalidated \u0027next\u0027 parameter"
}
},
"cveMetadata": {
"assignerOrgId": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007",
"assignerShortName": "PostgreSQL",
"cveId": "CVE-2026-12049",
"datePublished": "2026-06-18T23:37:43.328Z",
"dateReserved": "2026-06-11T20:40:09.111Z",
"dateUpdated": "2026-06-22T14:39:56.925Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-12622 (GCVE-0-2026-12622)
Vulnerability from cvelistv5 – Published: 2026-06-19 15:48 – Updated: 2026-06-29 05:23- CWE-601 - URL redirection to untrusted site ('open redirect')
| URL | Tags |
|---|---|
| https://www.microchip.com/en-us/solutions/technol… | vendor-advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| Microchip | GridTime 3000 |
Affected:
1.0r0.03 , ≤ 1.1r0.0
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-12622",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-22T16:45:07.862285Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-22T17:14:35.106Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "GridTime 3000",
"vendor": "Microchip",
"versions": [
{
"lessThanOrEqual": "1.1r0.0",
"status": "affected",
"version": "1.0r0.03",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Ahmad Ashraff Ahmad (Bastion Security Group)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The GridTime 3000 GNSS Time Server has an open redirect vulnerability in the password change form submission.\u003cp\u003eThis issue affects GridTime 3000: from 1.0r0.03 through 1.1r0.0.\u003c/p\u003e"
}
],
"value": "The GridTime 3000 GNSS Time Server has an open redirect vulnerability in the password change form submission.\n\nThis issue affects GridTime 3000: from 1.0r0.03 through 1.1r0.0."
}
],
"impacts": [
{
"capecId": "CAPEC-194",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-194 Fake the Source of Data"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-601",
"description": "CWE-601 URL redirection to untrusted site (\u0027open redirect\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-29T05:23:38.475Z",
"orgId": "dc3f6da9-85b5-4a73-84a2-2ec90b40fca5",
"shortName": "Microchip"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.microchip.com/en-us/solutions/technologies/embedded-security/how-to-report-potential-product-security-vulnerabilities/gridtime-3000-gnss-time-server-open-redirect"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003e\nUpgrade GridTime 3000 GNSS Time Server to the latest firmware\n\n\u003c/div\u003e\u003cdiv\u003e\u003cbr\u003e\u003c/div\u003e\u003cdiv\u003e\nAs of the firmware release 1.2r0.0, parameter sanitization has been improved to validate the redirectUrl before execution.\n\n\u003c/div\u003e"
}
],
"value": "Upgrade GridTime 3000 GNSS Time Server to the latest firmware\n\n\n\n\n\n\n\nAs of the firmware release 1.2r0.0, parameter sanitization has been improved to validate the redirectUrl before execution."
}
],
"source": {
"advisory": "PSIRT-147",
"discovery": "UNKNOWN"
},
"title": "Open Redirect Vulnerability in Password Reset Submission in GridTime\u2122 3000 GNSS Time Server",
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "dc3f6da9-85b5-4a73-84a2-2ec90b40fca5",
"assignerShortName": "Microchip",
"cveId": "CVE-2026-12622",
"datePublished": "2026-06-19T15:48:02.931Z",
"dateReserved": "2026-06-18T14:15:26.621Z",
"dateUpdated": "2026-06-29T05:23:38.475Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-1277 (GCVE-0-2026-1277)
Vulnerability from cvelistv5 – Published: 2026-02-18 04:35 – Updated: 2026-04-08 17:21- CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')
| Vendor | Product | Version | |
|---|---|---|---|
| kaizencoders | URL Shortify – Simple and Easy URL Shortener |
Affected:
0 , ≤ 1.12.1
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-1277",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-18T20:29:18.999659Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-18T20:29:25.642Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "URL Shortify \u2013 Simple and Easy URL Shortener",
"vendor": "kaizencoders",
"versions": [
{
"lessThanOrEqual": "1.12.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Tarc\u00edsio Luchesi De Almeida Silva"
}
],
"descriptions": [
{
"lang": "en",
"value": "The URL Shortify plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 1.12.1 due to insufficient validation on the \u0027redirect_to\u0027 parameter in the promotional dismissal handler. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites via a crafted link."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-601",
"description": "CWE-601 URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T17:21:28.282Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c7c1dc51-47ca-4b2f-9ff9-275bd8b1c106?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/url-shortify/tags/1.11.4/lite/includes/Promo.php#L64"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026new=3451740%40url-shortify\u0026old=3445491%40url-shortify\u0026sfp_email=\u0026sfph_mail=#file1049"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-01-21T05:30:41.000Z",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2026-02-17T16:15:33.000Z",
"value": "Disclosed"
}
],
"title": "URL Shortify \u003c= 1.12.1 - Unauthenticated Open Redirect via \u0027redirect_to\u0027 Parameter"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2026-1277",
"datePublished": "2026-02-18T04:35:45.102Z",
"dateReserved": "2026-01-20T22:04:30.416Z",
"dateUpdated": "2026-04-08T17:21:28.282Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-12804 (GCVE-0-2026-12804)
Vulnerability from cvelistv5 – Published: 2026-06-21 18:30 – Updated: 2026-06-22 15:52- CWE-601 - Open Redirect
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/372598 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/372598/cti | signaturepermissions-required |
| https://vuldb.com/cve/CVE-2026-12804 | third-party-advisory |
| https://vuldb.com/submit/836105 | third-party-advisory |
| https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/… | related |
| https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/… | patch |
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | lemonldap-ng |
Affected:
2.0
Affected: 2.1 Affected: 2.2 Affected: 2.3 Affected: 2.4 Affected: 2.5 Affected: 2.6 Affected: 2.7 Affected: 2.8 Affected: 2.9 Affected: 2.10 Affected: 2.11 Affected: 2.12 Affected: 2.13 Affected: 2.14 Affected: 2.15 Affected: 2.16 Affected: 2.17 Affected: 2.18 Affected: 2.19 Affected: 2.20 Affected: 2.21 Affected: 2.22 Affected: 2.23.0 cpe:2.3:a:lemonldap-ng:lemonldap-ng:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-12804",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-22T10:27:57.331935Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-22T10:28:14.299Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:lemonldap-ng:lemonldap-ng:*:*:*:*:*:*:*:*"
],
"modules": [
"SAML Common Domain Cookie Endpoint"
],
"product": "lemonldap-ng",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "2.0"
},
{
"status": "affected",
"version": "2.1"
},
{
"status": "affected",
"version": "2.2"
},
{
"status": "affected",
"version": "2.3"
},
{
"status": "affected",
"version": "2.4"
},
{
"status": "affected",
"version": "2.5"
},
{
"status": "affected",
"version": "2.6"
},
{
"status": "affected",
"version": "2.7"
},
{
"status": "affected",
"version": "2.8"
},
{
"status": "affected",
"version": "2.9"
},
{
"status": "affected",
"version": "2.10"
},
{
"status": "affected",
"version": "2.11"
},
{
"status": "affected",
"version": "2.12"
},
{
"status": "affected",
"version": "2.13"
},
{
"status": "affected",
"version": "2.14"
},
{
"status": "affected",
"version": "2.15"
},
{
"status": "affected",
"version": "2.16"
},
{
"status": "affected",
"version": "2.17"
},
{
"status": "affected",
"version": "2.18"
},
{
"status": "affected",
"version": "2.19"
},
{
"status": "affected",
"version": "2.20"
},
{
"status": "affected",
"version": "2.21"
},
{
"status": "affected",
"version": "2.22"
},
{
"status": "affected",
"version": "2.23.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "geochen (VulDB User)"
},
{
"lang": "en",
"type": "coordinator",
"value": "VulDB CNA Team"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was detected in lemonldap-ng up to 2.23.0. Impacted is an unknown function in the library lemonldap-ng-portal/lib/Lemonldap/NG/Portal/CDC.pm of the component SAML Common Domain Cookie Endpoint. Performing a manipulation of the argument url results in open redirect. The attack is possible to be carried out remotely. The exploit is now public and may be used. Applying a patch is the recommended action to fix this issue. The vendor confirms, that \"it has been fixed some days ago and will be available in 2.23.1. CDC is quite never used, so the impact is very low.\""
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 5,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N/E:POC/RL:OF/RC:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-601",
"description": "Open Redirect",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-22T15:52:04.231Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-372598 | lemonldap-ng SAML Common Domain Cookie Endpoint CDC.pm redirect",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/372598"
},
{
"name": "VDB-372598 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/372598/cti"
},
{
"name": "CVE-2026-12804 | CVE Analysis and Report",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/cve/CVE-2026-12804"
},
{
"name": "Submit #836105 | lemonldap lemonldap-ng ca7af863ac5f60d127ba01e8661c0365be374d4b Open Redirect",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/836105"
},
{
"tags": [
"related"
],
"url": "https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/work_items/3619"
},
{
"tags": [
"patch"
],
"url": "https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/merge_requests/979"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-06-21T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-06-21T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-06-22T17:56:58.000Z",
"value": "VulDB entry last update"
}
],
"title": "lemonldap-ng SAML Common Domain Cookie Endpoint CDC.pm redirect"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-12804",
"datePublished": "2026-06-21T18:30:07.377Z",
"dateReserved": "2026-06-21T04:09:21.573Z",
"dateUpdated": "2026-06-22T15:52:04.231Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-12863 (GCVE-0-2026-12863)
Vulnerability from cvelistv5 – Published: 2026-06-22 08:41 – Updated: 2026-06-23 11:54- CWE-601 - URL redirection to untrusted site ('open redirect')
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-12863",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-22T10:27:00.898005Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-22T10:27:10.247Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Venueless",
"vendor": "pretix",
"versions": [
{
"lessThan": "d27864a7",
"status": "affected",
"version": "0.0.0",
"versionType": "git"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Kuturu Rajesh"
}
],
"datePublic": "2026-06-22T08:18:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An unvalidated redirect was contained in Venueless\u0027 social login functionality and could be exploited for phishing using trusted domains."
}
],
"value": "An unvalidated redirect was contained in Venueless\u0027 social login functionality and could be exploited for phishing using trusted domains."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "LOW",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-601",
"description": "CWE-601 URL redirection to untrusted site (\u0027open redirect\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-23T11:54:38.277Z",
"orgId": "655498c3-6ec5-4f0b-aea6-853b334d05a6",
"shortName": "rami.io"
},
"references": [
{
"url": "https://github.com/venueless/venueless/security/advisories/GHSA-m87f-7c4r-w4p3"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Open redirect",
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "655498c3-6ec5-4f0b-aea6-853b334d05a6",
"assignerShortName": "rami.io",
"cveId": "CVE-2026-12863",
"datePublished": "2026-06-22T08:41:33.126Z",
"dateReserved": "2026-06-22T08:17:20.587Z",
"dateUpdated": "2026-06-23T11:54:38.277Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-1296 (GCVE-0-2026-1296)
Vulnerability from cvelistv5 – Published: 2026-02-18 04:35 – Updated: 2026-02-18 20:47- CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')
| Vendor | Product | Version | |
|---|---|---|---|
| wpshuffle | Frontend Post Submission Manager Lite – Frontend Posting WordPress Plugin |
Affected:
1.0.0 , ≤ 1.2.7
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-1296",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-18T20:47:02.966794Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-18T20:47:37.114Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Frontend Post Submission Manager Lite \u2013 Frontend Posting WordPress Plugin",
"vendor": "wpshuffle",
"versions": [
{
"lessThanOrEqual": "1.2.7",
"status": "affected",
"version": "1.0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Kenneth Dunn"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Frontend Post Submission Manager Lite plugin for WordPress is vulnerable to Open Redirection in all versions up to, and including, 1.2.7 due to insufficient validation on the \u0027requested_page\u0027 POST parameter in the verify_username_password function. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action such as clicking on a link."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-601",
"description": "CWE-601 URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-18T04:35:43.878Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/92c52129-7cf5-4a1b-80a1-b01140e6a72b?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/frontend-post-submission-manager-lite/trunk/includes/classes/class-fpsml-shortcode.php#L108"
},
{
"url": "https://plugins.trac.wordpress.org/browser/frontend-post-submission-manager-lite/tags/1.2.6/includes/classes/class-fpsml-shortcode.php#L108"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=3458652%40frontend-post-submission-manager-lite\u0026new=3458652%40frontend-post-submission-manager-lite\u0026sfp_email=\u0026sfph_mail="
}
],
"timeline": [
{
"lang": "en",
"time": "2026-01-21T17:32:28.000Z",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2026-02-17T16:14:54.000Z",
"value": "Disclosed"
}
],
"title": "Frontend Post Submission Manager Lite \u003c= 1.2.7 - Unauthenticated Open Redirect via \u0027requested_page\u0027 Parameter"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2026-1296",
"datePublished": "2026-02-18T04:35:43.878Z",
"dateReserved": "2026-01-21T17:14:51.411Z",
"dateUpdated": "2026-02-18T20:47:37.114Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-13163 (GCVE-0-2026-13163)
Vulnerability from cvelistv5 – Published: 2026-06-24 12:49 – Updated: 2026-06-24 13:07- CWE-601 - URL redirection to untrusted site ('open redirect')
| URL | Tags |
|---|---|
| https://github.com/Maalfer/mailerup/commit/99eb6d… | patch |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-13163",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-24T13:06:55.947222Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-24T13:07:07.003Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Mailerup",
"repo": "https://github.com/Maalfer/mailerup",
"vendor": "Mailerup",
"versions": [
{
"lessThan": "1.0.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mailerup:mailerup:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.0.1",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Dario Rivas Quero from Secur0 security team"
},
{
"lang": "en",
"type": "finder",
"value": "Cristian Fernandez Cornejo from Secur0 security team"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Mario Alvarez Fernandez"
},
{
"lang": "en",
"type": "analyst",
"value": "Xoan M. Otero Jorge"
},
{
"lang": "en",
"type": "coordinator",
"value": "Secur0 CNA"
}
],
"datePublic": "2026-06-24T12:40:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Open redirect vulnerability (CWE-601) in the \u003ccode\u003e_safe_redirect\u003c/code\u003e function of the click-tracking endpoint (\u003ccode\u003e/c/\u0026lt;token\u0026gt;/\u003c/code\u003e) in \u003ccode\u003eMailerup \u0026lt;1.0.0\u003c/code\u003e\u0026nbsp;on all platforms allows remote unauthenticated attackers to redirect victims to arbitrary external sites and conduct phishing attacks via a crafted \u003ccode\u003eu\u003c/code\u003e\u0026nbsp;query parameter, because the URL scheme is validated (blocking \u003ccode\u003ejavascript:\u003c/code\u003e and \u003ccode\u003edata:\u003c/code\u003e) but the destination host is not restricted to an allowlist, and a \u003ccode\u003esigning.BadSignature\u003c/code\u003e exception is silently caught so a valid signed token is not required."
}
],
"value": "Open redirect vulnerability (CWE-601) in the _safe_redirect function of the click-tracking endpoint (/c/\u003ctoken\u003e/) in Mailerup \u003c1.0.0\u00a0on all platforms allows remote unauthenticated attackers to redirect victims to arbitrary external sites and conduct phishing attacks via a crafted u\u00a0query parameter, because the URL scheme is validated (blocking javascript: and data:) but the destination host is not restricted to an allowlist, and a signing.BadSignature exception is silently caught so a valid signed token is not required."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "LOW",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-601",
"description": "CWE-601 URL redirection to untrusted site (\u0027open redirect\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-24T12:49:05.227Z",
"orgId": "4daa8cea-433a-44bd-9456-53b127fc289a",
"shortName": "Secur0"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://github.com/Maalfer/mailerup/commit/99eb6d4586134bf3f4422093fbf47d6794ef0ee5"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Upgrade to version 1.0.1 or higher."
}
],
"value": "Upgrade to version 1.0.1 or higher."
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Lack of input validation in Mailerup input parameter leads to Open Redirect",
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "4daa8cea-433a-44bd-9456-53b127fc289a",
"assignerShortName": "Secur0",
"cveId": "CVE-2026-13163",
"datePublished": "2026-06-24T12:49:05.227Z",
"dateReserved": "2026-06-24T12:44:34.692Z",
"dateUpdated": "2026-06-24T13:07:07.003Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
Mitigation ID: MIT-5
Phase: Implementation
Strategy: Input Validation
Description:
- Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.
- When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, "boat" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as "red" or "blue."
- Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code's environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.
- Use a list of approved URLs or domains to be used for redirection.
Mitigation
Phase: Architecture and Design
Description:
- Use an intermediate disclaimer page that provides the user with a clear warning that they are leaving the current site. Implement a long timeout before the redirect occurs, or force the user to click on the link. Be careful to avoid XSS problems (CWE-79) when generating the disclaimer page.
Mitigation ID: MIT-21.2
Phase: Architecture and Design
Strategy: Enforcement by Conversion
Description:
- When the set of acceptable objects, such as filenames or URLs, is limited or known, create a mapping from a set of fixed input values (such as numeric IDs) to the actual filenames or URLs, and reject all other inputs.
- For example, ID 1 could map to "/login.asp" and ID 2 could map to "http://www.example.com/". Features such as the ESAPI AccessReferenceMap [REF-45] provide this capability.
Mitigation
Phase: Architecture and Design
Description:
- Ensure that no externally-supplied requests are honored by requiring that all redirect requests include a unique nonce generated by the application [REF-483]. Be sure that the nonce is not predictable (CWE-330).
Mitigation ID: MIT-6
Phases: Architecture and Design, Implementation
Strategy: Attack Surface Reduction
Description:
- Understand all the potential areas where untrusted inputs can enter your software: parameters or arguments, cookies, anything read from the network, environment variables, reverse DNS lookups, query results, request headers, URL components, e-mail, files, filenames, databases, and any external systems that provide data to the application. Remember that such inputs may be obtained indirectly through API calls.
- Many open redirect problems occur because the programmer assumed that certain inputs could not be modified, such as cookies and hidden form fields.
Mitigation ID: MIT-29
Phase: Operation
Strategy: Firewall
Description:
- Use an application firewall that can detect attacks against this weakness. It can be beneficial in cases in which the code cannot be fixed (because it is controlled by a third party), as an emergency prevention measure while more comprehensive software assurance measures are applied, or to provide defense in depth [REF-1481].
CAPEC-178: Cross-Site Flashing
An attacker is able to trick the victim into executing a Flash document that passes commands or calls to a Flash player browser plugin, allowing the attacker to exploit native Flash functionality in the client browser. This attack pattern occurs where an attacker can provide a crafted link to a Flash document (SWF file) which, when followed, will cause additional malicious instructions to be executed. The attacker does not need to serve or control the Flash document. The attack takes advantage of the fact that Flash files can reference external URLs. If variables that serve as URLs that the Flash application references can be controlled through parameters, then by creating a link that includes values for those parameters, an attacker can cause arbitrary content to be referenced and possibly executed by the targeted Flash application.