Vulnerabilities > URL Redirection to Untrusted Site ('Open Redirect')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-12-11 | CVE-2018-1654 | Open Redirect vulnerability in IBM Curam Social Program Management IBM Curam Social Program Management 6.0.5, 6.1.1, 6.2.0, 7.0.1, and 7.0.3 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. | 6.1 |
2018-12-03 | CVE-2018-19796 | Open Redirect vulnerability in Ninjaforms Ninja Forms An open redirect in the Ninja Forms plugin before 3.3.19.1 for WordPress allows Remote Attackers to redirect a user via the lib/StepProcessing/step-processing.php (aka submissions download page) redirect parameter. | 6.1 |
2018-11-26 | CVE-2018-11067 | Open Redirect vulnerability in multiple products Dell EMC Avamar Client Manager in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1, 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2 contain an open redirection vulnerability. | 6.1 |
2018-11-20 | CVE-2018-17948 | Open Redirect vulnerability in Microfocus Access Manager An open redirect vulnerability exists in the Access Manager Identity Provider prior to 4.4 SP3. | 6.1 |
2018-11-13 | CVE-2018-2476 | Open Redirect vulnerability in SAP Netweaver 7.30/7.31/7.40 Due to insufficient URL Validation in forums in SAP NetWeaver versions 7.30, 7.31, 7.40, an attacker can redirect users to a malicious site. | 6.1 |
2018-11-13 | CVE-2018-14658 | Open Redirect vulnerability in Redhat Keycloak 3.2.1 A flaw was found in JBOSS Keycloak 3.2.1.Final. | 6.1 |
2018-10-23 | CVE-2018-13402 | Open Redirect vulnerability in Atlassian Jira Many resources in Atlassian Jira before version 7.6.9, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3, from version 7.10.0 before version 7.10.3, from version 7.11.0 before version 7.11.3, from version 7.12.0 before version 7.12.3, and before version 7.13.1 allow remote attackers to attack users, in some cases be able to obtain a user's Cross-site request forgery (CSRF) token, via a open redirect vulnerability. | 6.1 |
2018-10-23 | CVE-2018-13401 | Open Redirect vulnerability in Atlassian Jira The XsrfErrorAction resource in Atlassian Jira before version 7.6.9, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3, from version 7.10.0 before version 7.10.3, from version 7.11.0 before version 7.11.3, from version 7.12.0 before version 7.12.3, and before version 7.13.1 allows remote attackers to obtain a user's Cross-site request forgery (CSRF) token through an open redirect vulnerability. | 6.1 |
2018-10-19 | CVE-2018-12675 | Open Redirect vulnerability in Sv3C H.264 POE IP Camera Firmware V2.3.4.2103S50Ntdb20170508B/V2.3.4.2103S50Ntdb20170823B The SV3C HD Camera (L-SERIES V2.3.4.2103-S50-NTD-B20170508B and V2.3.4.2103-S50-NTD-B20170823B) does not perform origin checks on URLs that the camera's web interface redirects a user to. | 6.1 |
2018-10-17 | CVE-2018-15493 | Open Redirect vulnerability in Vbulletin 5.4.3 vBulletin 5.4.3 has an Open Redirect. | 6.1 |