Vulnerabilities > URL Redirection to Untrusted Site ('Open Redirect')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-01-03 | CVE-2022-3614 | Open Redirect vulnerability in Octopus Server. In affected versions of Octopus Deploy, users of certain browsers using AD to sign in to Octopus Server were able to bypass authentication checks and be redirected to the configured redirect URL without any validation. | 6.1 |
2022-12-27 | CVE-2022-4720 | Open Redirect vulnerability in Ikus-Soft Rdiffweb. Open Redirect in GitHub repository ikus060/rdiffweb prior to 2.5.5. | 6.1 |
2022-12-22 | CVE-2022-29910 | Open Redirect vulnerability in Mozilla Firefox. When closed or sent to the background, Firefox for Android would not properly record and persist HSTS settings. Note: This issue only affected Firefox for Android. | 6.1 |
2022-12-22 | CVE-2022-29912 | Open Redirect vulnerability in Mozilla Thunderbird. Requests initiated through reader mode did not properly omit cookies with a SameSite attribute. | 6.1 |
2022-12-22 | CVE-2022-34474 | Open Redirect vulnerability in Mozilla Firefox. Even when an iframe was sandboxed with `allow-top-navigation-by-user-activation`, if it received a redirect header to an external protocol the browser would process the redirect and prompt the user as appropriate. | 6.1 |
2022-12-22 | CVE-2022-36316 | Open Redirect vulnerability in Mozilla Firefox. When using the Performance API, an attacker was able to notice subtle differences between PerformanceEntries and thus learn whether the target URL had been subject to a redirect. | 6.1 |
2022-12-22 | CVE-2022-45413 | Open Redirect vulnerability in Mozilla Firefox. Using the `S.browser_fallback_url` parameter, an attacker could redirect a user to a URL and cause SameSite=Strict cookies to be sent. This issue only affects Firefox for Android. | 6.1 |
2022-12-19 | CVE-2022-38662 | Open Redirect vulnerability in Hcltech HCL Digital Experience 8.5/9.0/9.5. In HCL Digital Experience, URLs can be constructed to redirect users to untrusted sites. | 6.1 |
2022-12-19 | CVE-2022-46288 | Open Redirect vulnerability in Jacic Electronic Bidding Core System 6. Open redirect vulnerability in DENSHI NYUSATSU CORE SYSTEM v6 R4 and earlier allows a remote unauthenticated attacker to redirect a user to an arbitrary web site and conduct a phishing attack by having a user access a specially crafted URL. | 6.1 |
2022-12-14 | CVE-2022-23527 | Open Redirect vulnerability in multiple products. mod_auth_openidc is an OpenID Certified™ authentication and authorization module for the Apache 2.x HTTP server. | 6.1 |