Vulnerabilities > URL Redirection to Untrusted Site ('Open Redirect')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-11-18 | CVE-2020-15300 | Open Redirect vulnerability in Salesagility Suitecrm: SuiteCRM through 7.11.13 has an Open Redirect in the Documents module via a crafted SVG document. | 6.1 |
2020-11-18 | CVE-2020-28724 | Open Redirect vulnerability in Palletsprojects Werkzeug: Open redirect vulnerability in werkzeug before 0.11.6 via a double slash in the URL. | 6.1 |
2020-10-26 | CVE-2020-26161 | Open Redirect vulnerability in Octopus Deploy: In Octopus Deploy through 2020.4.2, an attacker could redirect users to an external site via a modified HTTP Host header. | 6.1 |
2020-10-21 | CVE-2020-3558 | Open Redirect vulnerability in Cisco Secure Firewall Management Center: A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. | 6.1 |
2020-10-15 | CVE-2020-6365 | Open Redirect vulnerability in SAP Netweaver Application Server Java: SAP NetWeaver AS Java, versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, Start Page allows an unauthenticated remote attacker to redirect users to a malicious site due to insufficient reverse tabnabbing URL validation. | 6.1 |
2020-10-14 | CVE-2020-24551 | Open Redirect vulnerability in Iproom Mmc+ 3.2.2: IProom MMC+ Server login page does not validate specific parameters properly. | 6.1 |
2020-10-02 | CVE-2020-15233 | Open Redirect vulnerability in ORY Fosite: ORY Fosite is a security first OAuth2 & OpenID Connect framework for Go. | 4.8 |
2020-10-01 | CVE-2020-15677 | Open Redirect vulnerability in multiple products: By exploiting an Open Redirect vulnerability on a website, an attacker could have spoofed the site displayed in the download file dialog to show the original site (the one suffering from the open redirect) rather than the site the file was actually downloaded from. | 6.1 |
2020-09-16 | CVE-2020-4409 | Open Redirect vulnerability in IBM products: IBM Maximo Asset Management 7.6.0 and 7.6.1 could allow a remote attacker to conduct phishing attacks, using a tabnabbing attack. | 8.2 |
2020-09-09 | CVE-2020-5627 | Open Redirect vulnerability in Yodobashi 1.2.1.0/1.4.4/1.8.7: Yodobashi App for Android versions 1.8.7 and earlier allows remote attackers to lead a user to access an arbitrary website via the vulnerable App. | 6.1 |