Vulnerabilities > URL Redirection to Untrusted Site ('Open Redirect')

DATE | CVE | VULNERABILITY TITLE | RISK
2023-10-25 | CVE-2023-36085 | Open Redirect vulnerability in Sisqualwfm 7.1.319.103
sisqualWFM 7.1.319.103 through 7.1.319.111 for Android has a host header injection vulnerability in its "/sisqualIdentityServer/core/" endpoint.
Risk: network | low complexity | sisqualwfm CWE-601 | 6.1

2023-10-22 | CVE-2021-46898 | Open Redirect vulnerability in Vonautomatisch Django Grappelli
views/switch.py in django-grappelli (aka Django Grappelli) before 2.15.2 attempts to prevent external redirection with startswith("/") but this does not consider a protocol-relative URL (e.g., //example.com) attack.
Risk: network | low complexity | vonautomatisch CWE-601 | 6.1

2023-10-18 | CVE-2023-45909 | Open Redirect vulnerability in Zzzcms Zzzphp 2.2.0
zzzcms v2.2.0 was discovered to contain an open redirect vulnerability.
Risk: network | low complexity | zzzcms CWE-601 | 6.1

2023-10-15 | CVE-2018-25091 | Open Redirect vulnerability in Python Urllib3
urllib3 before 1.24.2 does not remove the authorization HTTP header when following a cross-origin redirect (i.e., a redirect that differs in host, port, or scheme).
Risk: network | low complexity | python CWE-601 | 6.1

2023-09-29 | CVE-2023-3922 | Open Redirect vulnerability in Gitlab
An issue has been discovered in GitLab affecting all versions starting from 8.15 before 16.2.8, all versions starting from 16.3 before 16.3.5, all versions starting from 16.4 before 16.4.1.
Risk: network | low complexity | gitlab CWE-601 | 7.1

2023-09-19 | CVE-2023-23957 | Open Redirect vulnerability in Symantec Identity Portal 14.4
An authenticated user can see and modify the value for ‘next’ query parameter in Symantec Identity Portal 14.4.
Risk: network | low complexity | symantec CWE-601 | 5.4

2023-09-14 | CVE-2023-40779 | Open Redirect vulnerability in Icewarp Deep Castle G2 13.0.1.2
An issue in IceWarp Mail Server Deep Castle 2 v.13.0.1.2 allows a remote attacker to execute arbitrary code via a crafted request to the URL.
Risk: network | low complexity | icewarp CWE-601 | 6.1

2023-09-11 | CVE-2023-41609 | Open Redirect vulnerability in Couchcms 2.3
An open redirect vulnerability in the sanitize_url() parameter of CouchCMS v2.3 allows attackers to redirect a victim user to an arbitrary web site via a crafted URL.
Risk: network | low complexity | couchcms CWE-601 | 6.1

2023-09-08 | CVE-2023-40306 | Open Redirect vulnerability in SAP S/4Hana
SAP S/4HANA Manage Catalog Items and Cross-Catalog searches Fiori apps allow an attacker to redirect users to a malicious site due to insufficient URL validation.
Risk: network | low complexity | sap CWE-601 | 6.1

2023-09-06 | CVE-2023-20263 | Open Redirect vulnerability in Cisco Hyperflex HX Data Platform 5.0/5.5
A vulnerability in the web-based management interface of Cisco HyperFlex HX Data Platform could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability is due to improper input validation of the parameters in an HTTP request.
Risk: network | low complexity | cisco CWE-601 | 6.1