Vulnerabilities > URL Redirection to Untrusted Site ('Open Redirect')

DATE CVE VULNERABILITY TITLE RISK
2022-01-17 CVE-2021-24838 Open Redirect vulnerability in Bologer Anycomment
The AnyComment WordPress plugin through 0.2.17 has an API endpoint which passes user input via the redirect parameter to the wp_redirect() function without being validated first, leading to an Open Redirect issue, which according to the vendor, is a feature.
network
bologer CWE-601
5.8
2022-01-16 CVE-2022-0235 node-fetch is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor
network
CWE-601
5.8
2022-01-14 CVE-2021-38678 Open Redirect vulnerability in Qnap Qcalagent
An open redirect vulnerability has been reported to affect QNAP devices running QcalAgent.
network
qnap CWE-601
5.8
2022-01-10 CVE-2021-44528 Open Redirect vulnerability in Rubyonrails Rails 6.0.4.2/6.1.4.2/7.0.0
An open redirect vulnerability exists in Action Pack >= 6.0.0: an attacker-crafted "X-Forwarded-Host" header, in combination with certain "allowed host" formats, can cause the Host Authorization middleware in Action Pack to redirect users to a malicious website.
5.8
2022-01-06 CVE-2022-0122 Open Redirect vulnerability in Digitalbazaar Forge
forge is vulnerable to URL Redirection to Untrusted Site
5.8
2022-01-05 CVE-2022-21651 Open Redirect vulnerability in Shopware
Shopware is an open source e-commerce software platform.
network
shopware CWE-601
5.8
2021-12-24 CVE-2021-20875 Open Redirect vulnerability in Groupsession
Open redirect vulnerability in GroupSession Free edition ver5.1.1 and earlier, GroupSession byCloud ver5.1.1 and earlier, and GroupSession ZION ver5.1.1 and earlier allows a remote unauthenticated attacker to redirect users to arbitrary web sites and conduct phishing attacks by having a user access a specially crafted URL.
5.8
2021-12-17 CVE-2021-40852 Open Redirect vulnerability in Tcman GIM 11.0/8.0
TCMAN GIM is affected by an open redirect vulnerability.
network
tcman CWE-601
5.8
2021-12-16 CVE-2021-43812 Open Redirect vulnerability in Auth0 Nextjs-Auth0
The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications.
network
auth0 CWE-601
5.8
2021-12-15 CVE-2020-18985 Open Redirect vulnerability in Synacor Zimbra Collaboration Suite 8.8.12
An issue in /domain/service/.ewell-known/caldav of Zimbra Collaboration 8.8.12 allows attackers to redirect users to any arbitrary website of their choosing.
network
synacor CWE-601
5.8