Vulnerabilities > URL Redirection to Untrusted Site ('Open Redirect')

DATE CVE VULNERABILITY TITLE RISK
2022-10-20 CVE-2022-26954 Open Redirect vulnerability in Nopcommerce
Multiple open redirect vulnerabilities in NopCommerce 4.10 through 4.50.1 allow remote attackers to conduct phishing attacks by redirecting users to attacker-controlled web sites via the returnUrl parameter, processed by the (1) ChangePassword function, (2) SignInCustomerAsync function, (3) SuccessfulAuthentication method, or (4) NopRedirectResultExecutor class.
network | low complexity | nopcommerce | CWE-601 | 6.1
2022-09-28 CVE-2022-40083 Open Redirect vulnerability in Labstack Echo 4.8.0
Labstack Echo v4.8.0 was discovered to contain an open redirect vulnerability via the Static Handler component.
network | low complexity | labstack | CWE-601 | critical | 9.6
2022-09-27 CVE-2022-39258 Open Redirect vulnerability in Mailcow Mailcow: Dockerized
mailcow is a mailserver suite.
network | low complexity | mailcow | CWE-601 | 8.2
2022-09-22 CVE-2022-28977 Open Redirect vulnerability in Liferay DXP and Liferay Portal
HtmlUtil.escapeRedirect in Liferay Portal 7.3.1 through 7.4.2, and Liferay DXP 7.0 fix pack 91 through 101, 7.1 fix pack 17 through 25, 7.2 fix pack 5 through 14, and 7.3 before service pack 3 can be circumvented by using multiple forward slashes, which allows remote attackers to redirect users to arbitrary external URLs via the (1) `redirect` parameter, (2) `FORWARD_URL` parameter, and (3) other parameters that rely on HtmlUtil.escapeRedirect.
network | low complexity | liferay | CWE-601 | 6.1
2022-09-21 CVE-2022-40754 Open Redirect vulnerability in Apache Airflow
In Apache Airflow 2.3.0 through 2.3.4, there was an open redirect in the webserver's `/confirm` endpoint.
network | low complexity | apache | CWE-601 | 6.1
2022-09-15 CVE-2022-31735 Open Redirect vulnerability in Osstech Openam
OpenAM Consortium Edition version 14.0.0 provided by OpenAM Consortium contains an open redirect vulnerability (CWE-601).
network | low complexity | osstech | CWE-601 | 6.1
2022-09-13 CVE-2022-39814 Open Redirect vulnerability in Nokia 1350 Optical Management System 14.2
In NOKIA 1350 OMS R14.2, an Open Redirect vulnerability occurs in the login page via the `next` HTTP GET parameter.
network | low complexity | nokia | CWE-601 | 6.1
2022-09-11 CVE-2022-25295 Open Redirect vulnerability in Getgophish Gophish
This affects the package github.com/gophish/gophish before 0.12.0.
network | low complexity | getgophish | CWE-601 | 5.4
2022-09-06 CVE-2022-38131 Open Redirect vulnerability in Rstudio Connect
RStudio Connect prior to 2023.01.0 is affected by an Open Redirect issue.
network | low complexity | rstudio | CWE-601 | 6.1
2022-08-30 CVE-2021-29864 Open Redirect vulnerability in IBM Security Identity Manager 6.0.0/6.0.2
IBM Security Identity Manager 6.0 and 6.0.2 could allow a remote attacker to conduct phishing attacks, using an open redirect attack.
network | low complexity | ibm | CWE-601 | 6.1