Vulnerabilities > URL Redirection to Untrusted Site ('Open Redirect')

DATE CVE VULNERABILITY TITLE RISK
2022-01-28 CVE-2022-23599 Open Redirect vulnerability in Plone
Products.ATContentTypes are the core content types for Plone 2.1 - 4.3.
network
low complexity
plone CWE-601
6.1
2022-01-24 CVE-2021-25028 Open Redirect vulnerability in TRI Event Tickets
The Event Tickets WordPress plugin before 5.2.2 does not validate the tribe_tickets_redirect_to parameter before redirecting the user to the given value, leading to an arbitrary redirect issue.
network
tri CWE-601
5.8
2022-01-24 CVE-2021-25074 Open Redirect vulnerability in Webp Converter for Media Project Webp Converter for Media
The WebP Converter for Media WordPress plugin before 4.0.3 contains a file (passthru.php) which does not validate the src parameter before redirecting the user to it, leading to an Open Redirect issue.
5.8
2022-01-17 CVE-2021-24838 Open Redirect vulnerability in Bologer Anycomment
The AnyComment WordPress plugin before 0.3.5 has an API endpoint which passes user input via the redirect parameter to the wp_redirect() function without validating it first, leading to an Open Redirect issue, which, according to the vendor, is a feature.
network
bologer CWE-601
5.8
2022-01-14 CVE-2021-38678 Open Redirect vulnerability in Qnap Qcalagent
An open redirect vulnerability has been reported to affect QNAP devices running QcalAgent.
network
qnap CWE-601
5.8
2022-01-10 CVE-2021-44528 Open Redirect vulnerability in Rubyonrails Rails 6.0.4.2/6.1.4.2/7.0.0
An open redirect vulnerability exists in Action Pack >= 6.0.0: specially crafted "X-Forwarded-Host" headers, in combination with certain "allowed host" formats, can cause the Host Authorization middleware in Action Pack to redirect users to a malicious website.
network
low complexity
rubyonrails CWE-601
6.1
2022-01-06 CVE-2022-0122 Open Redirect vulnerability in Digitalbazaar Forge
forge is vulnerable to URL Redirection to Untrusted Site
5.8
2022-01-05 CVE-2022-21651 Open Redirect vulnerability in Shopware
Shopware is an open source e-commerce software platform.
network
shopware CWE-601
5.8
2021-12-24 CVE-2021-20875 Open Redirect vulnerability in Groupsession
Open redirect vulnerability in GroupSession Free edition ver5.1.1 and earlier, GroupSession byCloud ver5.1.1 and earlier, and GroupSession ZION ver5.1.1 and earlier allows a remote unauthenticated attacker to redirect users to arbitrary web sites and conduct phishing attacks by having a user access a specially crafted URL.
5.8
2021-12-17 CVE-2021-40852 Open Redirect vulnerability in Tcman GIM 11.0/8.0
TCMAN GIM is affected by an open redirect vulnerability.
network
tcman CWE-601
5.8