URL Redirection to Untrusted Site ('Open Redirect')

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|
| 2024-03-12 | CVE-2024-28239 | Open Redirect vulnerability in Monospace Directus | Directus is a real-time API and App dashboard for managing SQL database content. | monospace | CWE-601 | 4.3 (network, low complexity) |
| 2024-02-21 | CVE-2022-45169 | Open Redirect vulnerability in Liveboxcloud Vdesk 018/031 | An issue was discovered in LIVEBOX Collaboration vDesk through v031. | liveboxcloud | CWE-601 | 5.4 (network, low complexity) |
| 2024-02-20 | CVE-2024-24763 | Open Redirect vulnerability in Fit2Cloud Jumpserver | JumpServer is an open source bastion host and an operation and maintenance security audit system. | fit2cloud | CWE-601 | 6.1 (network, low complexity) |
| 2024-02-20 | CVE-2024-25608 | Open Redirect vulnerability in Liferay Digital Experience Platform | HtmlUtil.escapeRedirect in Liferay Portal 7.2.0 through 7.4.3.18, and older unsupported versions, and Liferay DXP 7.4 before update 19, 7.3 before update 4, 7.2 before fix pack 19, and older unsupported versions can be circumvented by using the 'REPLACEMENT CHARACTER' (U+FFFD), which allows remote attackers to redirect users to arbitrary external URLs via the (1) `redirect` parameter, (2) `FORWARD_URL` parameter, (3) `noSuchEntryRedirect` parameter, and (4) other parameters that rely on HtmlUtil.escapeRedirect. | liferay | CWE-601 | 6.1 (network, low complexity) |
| 2024-02-20 | CVE-2024-25609 | Open Redirect vulnerability in Liferay Digital Experience Platform | HtmlUtil.escapeRedirect in Liferay Portal 7.2.0 through 7.4.3.12, and older unsupported versions, and Liferay DXP 7.4 before update 9, 7.3 service pack 3, 7.2 fix pack 15 through 18, and older unsupported versions can be circumvented by using two forward slashes, which allows remote attackers to redirect users to arbitrary external URLs via the (1) `redirect` parameter, (2) `FORWARD_URL` parameter, and (3) other parameters that rely on HtmlUtil.escapeRedirect. | liferay | CWE-601 | 6.1 (network, low complexity) |
| 2024-02-16 | CVE-2024-22854 | Open Redirect vulnerability in Darktrace Threat Visualizer 6.0.0/6.0.15/6.1.27 | DOM-based HTML injection vulnerability in the main page of Darktrace Threat Visualizer version 6.1.27 (bundle version 61050) and before has been identified. | darktrace | CWE-601 | 6.1 (network, low complexity) |
| 2024-02-12 | CVE-2024-0250 | Open Redirect vulnerability in Deconf Analytics Insights | The Analytics Insights for Google Analytics 4 (AIWP) WordPress plugin before 6.3 is vulnerable to Open Redirect due to insufficient validation on the redirect oauth2callback.php file. | deconf | CWE-601 | 6.1 (network, low complexity) |
| 2024-02-11 | CVE-2024-25715 | Open Redirect vulnerability in Glewlwyd SSO Server Project Glewlwyd SSO Server | Glewlwyd SSO server 2.x through 2.7.6 allows open redirection via redirect_uri. | glewlwyd-sso-server-project | CWE-601 | 6.1 (network, low complexity) |
| 2024-02-08 | CVE-2024-24034 | Open Redirect vulnerability in Setorinformatica S.I.L 3.0 | Setor Informatica S.I.L version 3.0 is vulnerable to Open Redirect via the hprinter parameter and allows remote attackers to execute arbitrary code. | setorinformatica | CWE-601 | 6.1 (network, low complexity) |
| 2024-02-06 | CVE-2024-24291 | Open Redirect vulnerability in Yzmcms 7.0 | An issue in the component /member/index/login of yzmcms v7.0 allows attackers to direct users to malicious sites via a crafted URL. | yzmcms | CWE-601 | 6.1 (network, low complexity) |