Vulnerabilities > URL Redirection to Untrusted Site ('Open Redirect')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-06-29 | CVE-2022-46407 | Open Redirect vulnerability in Ericsson Network Manager 21.2/22.1 Ericsson Network Manager (ENM), versions prior to 22.2, contains a vulnerability in the REST endpoint “editprofile” where Open Redirect HTTP Header Injection can lead to redirection of the submitted request to domain out of control of ENM deployment. | 4.8 |
| 2023-06-23 | CVE-2023-35171 | Open Redirect vulnerability in Nextcloud Server 26.0.0/26.0.1 NextCloud Server and NextCloud Enterprise Server provide file storage for Nextcloud, a self-hosted productivity platform. | 6.1 |
| 2023-06-22 | CVE-2023-28799 | Open Redirect vulnerability in Zscaler Client Connector A URL parameter during login flow was vulnerable to injection. | 6.1 |
| 2023-06-21 | CVE-2023-33405 | Open Redirect vulnerability in Blogengine Blogengine.Net Blogengine.net 3.3.8.0 and earlier is vulnerable to Open Redirect. | 6.1 |
| 2023-06-19 | CVE-2023-34415 | Open Redirect vulnerability in Mozilla Firefox When choosing a site-isolated process for a document loaded from a data: URL that was the result of a redirect, Firefox would load that document in the same process as the site that issued the redirect. | 6.1 |
| 2023-06-15 | CVE-2023-24030 | Open Redirect vulnerability in Zimbra Collaboration 8.8.15/9.0.0 An open redirect vulnerability exists in the /preauth Servlet in Zimbra Collaboration Suite through 9.0 and 8.8.15. | 6.1 |
| 2023-06-15 | CVE-2023-35029 | Open Redirect vulnerability in Liferay DXP and Liferay Portal Open redirect vulnerability in the Layout module's SEO configuration in Liferay Portal 7.4.3.70 through 7.4.3.76, and Liferay DXP 7.4 update 70 through 76 allows remote attackers to redirect users to arbitrary external URLs via the `_com_liferay_layout_admin_web_portlet_GroupPagesPortlet_backURL` parameter. | 6.1 |
| 2023-06-07 | CVE-2021-4348 | Open Redirect vulnerability in Createit Ultimate Gdpr & Ccpa Compliance Toolkit The Ultimate GDPR & CCPA plugin for WordPress is vulnerable to unauthenticated settings import and export via the export_settings & import_settings functions in versions up to, and including, 2.4. | 6.1 |
| 2023-06-06 | CVE-2023-32551 | Open Redirect vulnerability in Canonical Landscape Landscape allowed URLs which caused open redirection. | 6.1 |
| 2023-06-02 | CVE-2023-29540 | Open Redirect vulnerability in Mozilla Firefox and Focus Using a redirect embedded into <code>sourceMappingUrls</code> could allow for navigation to external protocol links in sandboxed iframes without <code>allow-top-navigation-to-custom-protocols</code>. | 6.1 |