Vulnerabilities > URL Redirection to Untrusted Site ('Open Redirect')

DATE CVE VULNERABILITY TITLE RISK
2023-06-15 CVE-2023-35029 Open Redirect vulnerability in Liferay DXP and Liferay Portal
Open redirect vulnerability in the Layout module's SEO configuration in Liferay Portal 7.4.3.70 through 7.4.3.76, and Liferay DXP 7.4 update 70 through 76 allows remote attackers to redirect users to arbitrary external URLs via the `_com_liferay_layout_admin_web_portlet_GroupPagesPortlet_backURL` parameter.
network
low complexity
liferay CWE-601
6.1
2023-06-07 CVE-2021-4348 Open Redirect vulnerability in Createit Ultimate Gdpr & Ccpa Compliance Toolkit
The Ultimate GDPR & CCPA plugin for WordPress is vulnerable to unauthenticated settings import and export via the export_settings & import_settings functions in versions up to, and including, 2.4.
network
low complexity
createit CWE-601
6.1
2023-06-06 CVE-2023-32551 Open Redirect vulnerability in Canonical Landscape
Landscape allowed URLs which caused open redirection.
network
low complexity
canonical CWE-601
6.1
2023-06-02 CVE-2023-29540 Open Redirect vulnerability in Mozilla Firefox and Focus
Using a redirect embedded into <code>sourceMappingUrls</code> could allow for navigation to external protocol links in sandboxed iframes without <code>allow-top-navigation-to-custom-protocols</code>.
network
low complexity
mozilla CWE-601
6.1
2023-05-30 CVE-2023-32218 Open Redirect vulnerability in Avaya IX Workforce Engagement 15.2.7.1195
Avaya IX Workforce Engagement v15.2.7.1195 - CWE-601: URL Redirection to Untrusted Site ('Open Redirect')
network
low complexity
avaya CWE-601
6.1
2023-05-30 CVE-2023-23754 Open Redirect vulnerability in Joomla Joomla!
An issue was discovered in Joomla! 4.2.0 through 4.3.1.
network
low complexity
joomla CWE-601
6.1
2023-05-30 CVE-2023-20884 Open Redirect vulnerability in VMWare products
VMware Workspace ONE Access and VMware Identity Manager contain an insecure redirect vulnerability. An unauthenticated malicious actor may be able to redirect a victim to an attacker controlled domain due to improper path handling leading to sensitive information disclosure.
network
low complexity
vmware CWE-601
6.1
2023-05-25 CVE-2023-28370 Open Redirect vulnerability in Tornadoweb Tornado
Open redirect vulnerability in Tornado versions 6.3.1 and earlier allows a remote unauthenticated attacker to redirect a user to an arbitrary web site and conduct a phishing attack by having user access a specially crafted URL.
network
low complexity
tornadoweb CWE-601
6.1
2023-05-08 CVE-2020-21038 Open Redirect vulnerability in Typecho 1.117.10.30
Open redirect vulnerability in typecho 1.1-17.10.30-release via the referer parameter to Login.php.
network
low complexity
typecho CWE-601
6.1
2023-05-03 CVE-2022-43950 Open Redirect vulnerability in Fortinet Fortinac and Fortinac-F
A URL redirection to untrusted site ('Open Redirect') vulnerability [CWE-601] in FortiNAC-F version 7.2.0, FortiNAC version 9.4.1 and below, 9.2 all versions, 9.1 all versions, 8.8 all versions, 8.7 all versions may allow an unauthenticated attacker to redirect users to any arbitrary website via a crafted URL.
network
low complexity
fortinet CWE-601
4.7