Vulnerabilities > URL Redirection to Untrusted Site ('Open Redirect')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-11-18 | CVE-2021-22141 | Open Redirect vulnerability in Elastic Kibana An open redirect flaw was found in Kibana versions before 7.13.0 and 6.8.16. | 6.1 |
| 2022-11-09 | CVE-2022-3280 | Open Redirect vulnerability in Gitlab An open redirect in GitLab CE/EE affecting all versions from 10.1 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows an attacker to trick users into visiting a trustworthy URL and being redirected to arbitrary content. | 6.1 |
| 2022-11-09 | CVE-2022-3486 | Open Redirect vulnerability in Gitlab An open redirect vulnerability in GitLab EE/CE affecting all versions from 9.3 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2, allows an attacker to redirect users to an arbitrary location if they trust the URL. | 6.1 |
| 2022-10-31 | CVE-2022-28763 | Open Redirect vulnerability in Zoom Meetings and Virtual Desktop Infrastructure The Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.12.2 is susceptible to a URL parsing vulnerability. | 9.6 |
| 2022-10-26 | CVE-2022-39359 | Open Redirect vulnerability in Metabase Metabase is data visualization software. | 6.5 |
| 2022-10-25 | CVE-2022-38197 | Open Redirect vulnerability in Esri Arcgis Server Esri ArcGIS Server versions 10.9.1 and below have an unvalidated redirect issue that may allow a remote, unauthenticated attacker to phish a user into accessing an attacker controlled website via a crafted query parameter. | 6.1 |
| 2022-10-20 | CVE-2022-26954 | Open Redirect vulnerability in Nopcommerce Multiple open redirect vulnerabilities in NopCommerce 4.10 through 4.50.1 allow remote attackers to conduct phishing attacks by redirecting users to attacker-controlled web sites via the returnUrl parameter, processed by the (1) ChangePassword function, (2) SignInCustomerAsync function, (3) SuccessfulAuthentication method, or (4) NopRedirectResultExecutor class. | 6.1 |
| 2022-09-28 | CVE-2022-40083 | Open Redirect vulnerability in Labstack Echo 4.8.0 Labstack Echo v4.8.0 was discovered to contain an open redirect vulnerability via the Static Handler component. | 9.6 |
| 2022-09-27 | CVE-2022-39258 | Open Redirect vulnerability in Mailcow Mailcow: Dockerized mailcow is a mailserver suite. | 8.2 |
| 2022-09-22 | CVE-2022-28977 | Open Redirect vulnerability in Liferay DXP and Liferay Portal HtmlUtil.escapeRedirect in Liferay Portal 7.3.1 through 7.4.2, and Liferay DXP 7.0 fix pack 91 through 101, 7.1 fix pack 17 through 25, 7.2 fix pack 5 through 14, and 7.3 before service pack 3 can be circumvented by using multiple forward slashes, which allows remote attackers to redirect users to arbitrary external URLs via the (1) 'redirect` parameter (2) `FORWARD_URL` parameter, and (3) others parameters that rely on HtmlUtil.escapeRedirect. | 6.1 |