Vulnerabilities > URL Redirection to Untrusted Site ('Open Redirect')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-12-26 | CVE-2018-18288 | Open Redirect vulnerability in Crushftp CrushFTP through 8.3.0 is vulnerable to credentials theft via URL redirection. | 6.1 |
| 2019-12-18 | CVE-2019-18781 | Open Redirect vulnerability in Zohocorp Manageengine Adselfservice Plus An open redirect vulnerability was discovered in Zoho ManageEngine ADSelfService Plus 5.x before 5809 that allows attackers to force users who click on a crafted link to be sent to a specified external site. | 6.1 |
| 2019-12-18 | CVE-2019-8791 | Open Redirect vulnerability in Apple Shazam An issue existed in the parsing of URL schemes. | 6.1 |
| 2019-12-18 | CVE-2019-19775 | Open Redirect vulnerability in Zulip Server The image thumbnailing handler in Zulip Server versions 1.9.0 to before 2.0.8 allowed an open redirect that was visible to logged-in users. | 6.1 |
| 2019-12-15 | CVE-2014-3652 | Open Redirect vulnerability in Redhat Keycloak 1.0.1 JBoss KeyCloak: Open redirect vulnerability via failure to validate the redirect URL. | 6.1 |
| 2019-12-11 | CVE-2019-19709 | Open Redirect vulnerability in multiple products MediaWiki through 1.33.1 allows attackers to bypass the Title_blacklist protection mechanism by starting with an arbitrary title, establishing a non-resolvable redirect for the associated page, and using redirect=1 in the action API when editing that page. | 6.1 |
| 2019-12-10 | CVE-2019-1486 | Open Redirect vulnerability in Microsoft Visual Studio 2019 and Visual Studio Live Share A spoofing vulnerability exists in Visual Studio Live Share when a guest connected to a Live Share session is redirected to an arbitrary URL specified by the session host, aka 'Visual Studio Live Share Spoofing Vulnerability'. | 6.1 |
| 2019-12-10 | CVE-2019-19703 | Open Redirect vulnerability in Jetbrains Ktor In Ktor through 1.2.6, the client resends data from the HTTP Authorization header to a redirect location. | 6.1 |
| 2019-12-10 | CVE-2016-1000107 | Open Redirect vulnerability in Erlang Erlang/Otp inets in Erlang possibly 22.1 and earlier follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue. | 6.1 |
| 2019-12-10 | CVE-2016-1000108 | Open Redirect vulnerability in multiple products yaws before 2.0.4 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect a CGI application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue. | 6.1 |