Vulnerabilities > URL Redirection to Untrusted Site ('Open Redirect')

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | VECTOR | COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2023-02-22 | CVE-2022-38779 | Open Redirect vulnerability in Elastic Kibana | An open redirect issue was discovered in Kibana that could lead to a user being redirected to an arbitrary website if they use a maliciously crafted Kibana URL. | network | low complexity | elastic | CWE-601 | 6.1 |
| 2023-02-16 | CVE-2022-0637 | Open Redirect vulnerability in Mozilla Pollbot | open redirect in pollbot (pollbot.services.mozilla.com) in versions before 1.4.6 | network | low complexity | mozilla | CWE-601 | 6.1 |
| 2023-02-12 | CVE-2022-38657 | Open Redirect vulnerability in Hcltech HCL Leap | An open redirect to malicious sites can occur when accessing the "Feedback" action on the manager page. | network | low complexity | hcltech | CWE-601 | 5.4 |
| 2023-02-09 | CVE-2023-22797 | Open Redirect vulnerability in multiple products | An open redirect vulnerability is fixed in Rails 7.0.4.1 with the new protection against open redirects from calling redirect_to with untrusted user input. | network | low complexity | rubyonrails actionpack-project | CWE-601 | 6.1 |
| 2023-02-09 | CVE-2023-22798 | Open Redirect vulnerability in Brave Adblock-Lists | Prior to commit 51867e0d15a6d7f80d5b714fd0e9976b9c160bb0, https://github.com/brave/adblock-lists removed redirect interceptors on some websites like Facebook in which the redirect interceptor may have been there for security purposes. | network | low complexity | brave | CWE-601 | 6.1 |
| 2023-02-08 | CVE-2023-0748 | Open Redirect vulnerability in Btcpayserver | Open Redirect in GitHub repository btcpayserver/btcpayserver prior to 1.7.6. | network | low complexity | btcpayserver | CWE-601 | 6.1 |
| 2023-02-06 | CVE-2022-28923 | Open Redirect vulnerability in Caddyserver Caddy 2.4.6 | Caddy v2.4.6 was discovered to contain an open redirection vulnerability which allows attackers to redirect users to phishing websites via crafted URLs. | network | low complexity | caddyserver | CWE-601 | 6.1 |
| 2023-02-01 | CVE-2023-22418 | Open Redirect vulnerability in F5 products | On versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15.1.x before 15.1.7, 14.1.x before 14.1.5.3, and all versions of 13.1.x, an open redirect vulnerability exists on virtual servers enabled with a BIG-IP APM access policy. | network | low complexity | f5 | CWE-601 | 6.1 |
| 2023-01-27 | CVE-2022-44717 | Open Redirect vulnerability in Netscout Ngeniusone 6.3.2 | An issue was discovered in NetScout nGeniusONE 6.3.2 build 904. | network | high complexity | netscout | CWE-601 | 3.1 |
| 2023-01-27 | CVE-2022-44718 | Open Redirect vulnerability in Netscout Ngeniusone 6.3.2 | An issue was discovered in NetScout nGeniusONE 6.3.2 build 904. | network | low complexity | netscout | CWE-601 | 3.5 |