Vulnerabilities > URL Redirection to Untrusted Site ('Open Redirect')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-09-22 | CVE-2022-28977 | Open Redirect vulnerability in Liferay DXP and Liferay Portal. HtmlUtil.escapeRedirect in Liferay Portal 7.3.1 through 7.4.2, and Liferay DXP 7.0 fix pack 91 through 101, 7.1 fix pack 17 through 25, 7.2 fix pack 5 through 14, and 7.3 before service pack 3 can be circumvented by using multiple forward slashes, which allows remote attackers to redirect users to arbitrary external URLs via the (1) `redirect` parameter, (2) `FORWARD_URL` parameter, and (3) other parameters that rely on HtmlUtil.escapeRedirect. | 6.1 |
2022-09-21 | CVE-2022-40754 | Open Redirect vulnerability in Apache Airflow. In Apache Airflow 2.3.0 through 2.3.4, there was an open redirect in the webserver's `/confirm` endpoint. | 6.1 |
2022-09-15 | CVE-2022-31735 | Open Redirect vulnerability in Osstech Openam. OpenAM Consortium Edition version 14.0.0 provided by OpenAM Consortium contains an open redirect vulnerability (CWE-601). | 6.1 |
2022-09-13 | CVE-2022-39814 | Open Redirect vulnerability in Nokia 1350 Optical Management System 14.2. In NOKIA 1350 OMS R14.2, an Open Redirect vulnerability occurs in the login page via the `next` HTTP GET parameter. | 6.1 |
2022-09-11 | CVE-2022-25295 | Open Redirect vulnerability in Getgophish Gophish. This affects the package github.com/gophish/gophish before 0.12.0. | 5.4 |
2022-09-06 | CVE-2022-38131 | Open Redirect vulnerability in Rstudio Connect. RStudio Connect prior to 2023.01.0 is affected by an Open Redirect issue. | 6.1 |
2022-08-30 | CVE-2021-29864 | Open Redirect vulnerability in IBM Security Identity Manager 6.0.0/6.0.2. IBM Security Identity Manager 6.0 and 6.0.2 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. | 6.1 |
2022-08-29 | CVE-2020-26938 | Open Redirect vulnerability in Oauth2-Server Project Oauth2-Server. In oauth2-server (aka node-oauth2-server) through 3.1.1, the value of the redirect_uri parameter received during the authorization and token request is checked against an incorrect URI pattern ("[a-zA-Z][a-zA-Z0-9+.-]+:") before making a redirection. | 7.2 |
2022-08-29 | CVE-2022-27547 | Open Redirect vulnerability in Hcltech Domino and HCL Inotes. HCL iNotes is susceptible to a link to non-existent domain vulnerability. | 7.4 |
2022-08-23 | CVE-2021-28861 | Open Redirect vulnerability in multiple products. Python 3.x through 3.10 has an open redirection vulnerability in lib/http/server.py due to no protection against multiple (/) at the beginning of the URI path, which may lead to information disclosure. | 7.4 |