Vulnerabilities > URL Redirection to Untrusted Site ('Open Redirect')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-10-26 | CVE-2020-26161 | Open Redirect vulnerability in Octopus Deploy In Octopus Deploy through 2020.4.2, an attacker could redirect users to an external site via a modified HTTP Host header. | 5.8 |
2020-10-21 | CVE-2020-3558 | Open Redirect vulnerability in Cisco Firepower Management Center A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. | 6.1 |
2020-10-15 | CVE-2020-6365 | Open Redirect vulnerability in SAP Netweaver Application Server Java SAP NetWeaver AS Java, versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, Start Page allows an unauthenticated remote attacker to redirect users to a malicious site due to insufficient reverse tabnabbing URL validation. | 5.8 |
2020-10-14 | CVE-2020-24551 | Open Redirect vulnerability in Iproom Mmc+ 3.2.2 IProom MMC+ Server login page does not validate specific parameters properly. | 5.8 |
2020-10-08 | CVE-2020-15242 | Open Redirect vulnerability in Vercel Next.Js Next.js versions >=9.5.0 and <9.5.4 are vulnerable to an Open Redirect. | 5.8 |
2020-10-02 | CVE-2020-15233 | Open Redirect vulnerability in ORY Fosite ORY Fosite is a security first OAuth2 & OpenID Connect framework for Go. | 4.9 |
2020-10-01 | CVE-2020-15677 | Open Redirect vulnerability in multiple products By exploiting an Open Redirect vulnerability on a website, an attacker could have spoofed the site displayed in the download file dialog to show the original site (the one suffering from the open redirect) rather than the site the file was actually downloaded from. | 6.1 |
2020-09-16 | CVE-2020-4409 | Open Redirect vulnerability in IBM products IBM Maximo Asset Management 7.6.0 and 7.6.1 could allow a remote attacker to conduct phishing attacks, using a tabnabbing attack. | 5.8 |
2020-09-09 | CVE-2020-5627 | Open Redirect vulnerability in Yodobashi 1.2.1.0/1.4.4/1.8.7 Yodobashi App for Android versions 1.8.7 and earlier allows remote attackers to lead a user to access an arbitrary website via the vulnerable App. | 5.8 |
2020-09-01 | CVE-2020-24554 | Open Redirect vulnerability in Liferay Portal The redirect module in Liferay Portal before 7.3.3 does not limit the number of URLs resulting in a 404 error that is recorded, which allows remote attackers to perform a denial of service attack by making repeated requests for pages that do not exist. | 5.0 |