Vulnerabilities > URL Redirection to Untrusted Site ('Open Redirect')

DATE CVE VULNERABILITY TITLE RISK
2021-11-01 CVE-2021-43058 Open Redirect vulnerability in Replicated Classic 2.41.0
An open redirect vulnerability exists in Replicated Classic versions prior to 2.53.1 that could lead to spoofing.
network
low complexity
replicated CWE-601
6.1
2021-10-27 CVE-2021-34764 Open Redirect vulnerability in Cisco products
Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an attacker to execute a cross-site scripting (XSS) attack or an open redirect attack.
network
low complexity
cisco CWE-601
6.1
2021-10-19 CVE-2021-3851 Open Redirect vulnerability in Firefly-Iii Firefly III
firefly-iii is vulnerable to URL Redirection to Untrusted Site.
network
low complexity
firefly-iii CWE-601
5.4
2021-10-18 CVE-2021-22942 Open Redirect vulnerability in Rubyonrails Rails
A possible open redirect vulnerability in the Host Authorization middleware in Action Pack >= 6.0.0 that could allow attackers to redirect users to a malicious website.
network
low complexity
rubyonrails CWE-601
6.1
2021-10-14 CVE-2021-22963 Open Redirect vulnerability in Fastify Fastify-Static
A redirect vulnerability in the fastify-static module version < 4.2.4 allows remote attackers to redirect users to arbitrary websites via a double slash // followed by a domain: http://localhost:3000//google.com/%2e%2e. The issue shows up on all the fastify-static applications that set the redirect: true option.
network
low complexity
fastify CWE-601
6.1
2021-10-14 CVE-2021-22964 Open Redirect vulnerability in Fastify Fastify-Static 4.2.4/4.3.0/4.4.0
A redirect vulnerability in the `fastify-static` module version >= 4.2.4 and < 4.4.1 allows remote attackers to redirect Mozilla Firefox users to arbitrary websites via a double slash `//` followed by a domain: `http://localhost:3000//a//youtube.com/%2e%2e%2f%2e%2e`. A DOS vulnerability is possible if the URL contains invalid characters: `curl --path-as-is "http://localhost:3000//^/.."`. The issue shows up on all the `fastify-static` applications that set the `redirect: true` option.
network
low complexity
fastify CWE-601
8.8
2021-10-13 CVE-2021-20806 Open Redirect vulnerability in Cybozu Remote Service Manager
Open redirect vulnerability in Cybozu Remote Service 3.0.0 to 3.1.9 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
network
low complexity
cybozu CWE-601
6.1
2021-10-12 CVE-2021-20031 Open Redirect vulnerability in Sonicwall Sonicos
A Host Header Redirection vulnerability in SonicOS potentially allows a remote attacker to redirect firewall management users to arbitrary web domains.
network
low complexity
sonicwall CWE-601
6.1
2021-10-06 CVE-2021-34772 Open Redirect vulnerability in Cisco Orbital
A vulnerability in the web-based management interface of Cisco Orbital could allow an unauthenticated, remote attacker to redirect users to a malicious webpage.
network
low complexity
cisco CWE-601
6.1
2021-09-30 CVE-2021-35205 Open Redirect vulnerability in Netscout Ngeniusone 6.3.0
NETSCOUT Systems nGeniusONE version 6.3.0 build 1196 allows URL redirection in redirector.
network
low complexity
netscout CWE-601
5.4