Vulnerabilities > URL Redirection to Untrusted Site ('Open Redirect')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-10-20 | CVE-2022-26954 | Open Redirect vulnerability in Nopcommerce Multiple open redirect vulnerabilities in NopCommerce 4.10 through 4.50.1 allow remote attackers to conduct phishing attacks by redirecting users to attacker-controlled web sites via the returnUrl parameter, processed by the (1) ChangePassword function, (2) SignInCustomerAsync function, (3) SuccessfulAuthentication method, or (4) NopRedirectResultExecutor class. | 6.1 |
2022-09-28 | CVE-2022-40083 | Open Redirect vulnerability in Labstack Echo 4.8.0 Labstack Echo v4.8.0 was discovered to contain an open redirect vulnerability via the Static Handler component. | 9.6 |
2022-09-27 | CVE-2022-39258 | Open Redirect vulnerability in Mailcow Mailcow: Dockerized mailcow is a mailserver suite. | 8.2 |
2022-09-22 | CVE-2022-28977 | Open Redirect vulnerability in Liferay DXP and Liferay Portal HtmlUtil.escapeRedirect in Liferay Portal 7.3.1 through 7.4.2, and Liferay DXP 7.0 fix pack 91 through 101, 7.1 fix pack 17 through 25, 7.2 fix pack 5 through 14, and 7.3 before service pack 3 can be circumvented by using multiple forward slashes, which allows remote attackers to redirect users to arbitrary external URLs via the (1) `redirect` parameter, (2) `FORWARD_URL` parameter, and (3) other parameters that rely on HtmlUtil.escapeRedirect. | 6.1 |
2022-09-21 | CVE-2022-40754 | Open Redirect vulnerability in Apache Airflow In Apache Airflow 2.3.0 through 2.3.4, there was an open redirect in the webserver's `/confirm` endpoint. | 6.1 |
2022-09-15 | CVE-2022-31735 | Open Redirect vulnerability in Osstech Openam OpenAM Consortium Edition version 14.0.0 provided by OpenAM Consortium contains an open redirect vulnerability (CWE-601). | 6.1 |
2022-09-13 | CVE-2022-39814 | Open Redirect vulnerability in Nokia 1350 Optical Management System 14.2 In NOKIA 1350 OMS R14.2, an Open Redirect vulnerability occurs in the login page via the `next` HTTP GET parameter. | 6.1 |
2022-09-11 | CVE-2022-25295 | Open Redirect vulnerability in Getgophish Gophish This affects the package github.com/gophish/gophish before 0.12.0. | 5.4 |
2022-09-06 | CVE-2022-38131 | Open Redirect vulnerability in Rstudio Connect RStudio Connect prior to 2023.01.0 is affected by an Open Redirect issue. | 6.1 |
2022-08-30 | CVE-2021-29864 | Open Redirect vulnerability in IBM Security Identity Manager 6.0.0/6.0.2 IBM Security Identity Manager 6.0 and 6.0.2 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. | 6.1 |