Vulnerabilities > URL Redirection to Untrusted Site ('Open Redirect')

DATE CVE VULNERABILITY TITLE RISK
2021-10-14 CVE-2021-22964 Open Redirect vulnerability in Fastify Fastify-Static 4.2.4/4.3.0/4.4.0
A redirect vulnerability in the `fastify-static` module version >= 4.2.4 and < 4.4.1 allows remote attackers to redirect Mozilla Firefox users to arbitrary websites via a double slash `//` followed by a domain: `http://localhost:3000//a//youtube.com/%2e%2e%2f%2e%2e`. A DoS vulnerability is possible if the URL contains invalid characters: `curl --path-as-is "http://localhost:3000//^/.."`. The issue shows up on all `fastify-static` applications that set the `redirect: true` option.
network
low complexity
fastify CWE-601
8.8
2021-10-13 CVE-2021-20806 Open Redirect vulnerability in Cybozu Remote Service Manager
Open redirect vulnerability in Cybozu Remote Service 3.0.0 to 3.1.9 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
network
low complexity
cybozu CWE-601
6.1
2021-10-12 CVE-2021-20031 Open Redirect vulnerability in Sonicwall Sonicos
A Host Header Redirection vulnerability in SonicOS potentially allows a remote attacker to redirect firewall management users to arbitrary web domains.
network
low complexity
sonicwall CWE-601
6.1
2021-10-06 CVE-2021-34772 Open Redirect vulnerability in Cisco Orbital
A vulnerability in the web-based management interface of Cisco Orbital could allow an unauthenticated, remote attacker to redirect users to a malicious webpage.
network
low complexity
cisco CWE-601
6.1
2021-09-30 CVE-2021-35205 Open Redirect vulnerability in Netscout Ngeniusone 6.3.0
NETSCOUT Systems nGeniusONE version 6.3.0 build 1196 allows URL redirection in redirector.
network
low complexity
netscout CWE-601
5.4
2021-09-30 CVE-2021-41826 Open Redirect vulnerability in Place Placeos Authentication
PlaceOS Authentication Service before 1.29.10.0 allows app/controllers/auth/sessions_controller.rb open redirect.
network
low complexity
place CWE-601
6.1
2021-09-14 CVE-2021-23052 Open Redirect vulnerability in F5 Big-Ip Access Policy Manager
On version 14.1.x before 14.1.4.4 and all versions of 13.1.x, an open redirect vulnerability exists on virtual servers enabled with a BIG-IP APM access policy.
network
low complexity
f5 CWE-601
6.1
2021-09-13 CVE-2021-22526 Open Redirect vulnerability in Microfocus Access Manager 5.0
Open Redirection vulnerability in NetIQ Access Manager prior to 5.0.1 and 4.5.4.
network
low complexity
microfocus CWE-601
6.1
2021-09-12 CVE-2021-23435 Open Redirect vulnerability in Thoughtbot Clearance
This affects the package clearance before 2.5.0.
network
low complexity
thoughtbot CWE-601
6.1
2021-09-08 CVE-2021-32805 Open Redirect vulnerability in Flask-Appbuilder Project Flask-Appbuilder
Flask-AppBuilder is an application development framework, built on top of Flask.
network
low complexity
flask-appbuilder-project CWE-601
6.1