Vulnerabilities > URL Redirection to Untrusted Site ('Open Redirect')

DATE CVE VULNERABILITY TITLE RISK
2018-09-13 CVE-2018-5548 Open Redirect vulnerability in F5 Big-Ip Access Policy Manager 11.6.1/11.6.2/11.6.3
On BIG-IP APM 11.6.0-11.6.3, an insecure AES ECB mode is used for orig_uri parameter in an undisclosed /vdesk link of APM virtual server configured with an access profile, allowing a malicious user to build a redirect URI value using different blocks of cipher texts.
network
low complexity
f5 CWE-601
6.1
6.1
2018-09-09 CVE-2018-16761 Open Redirect vulnerability in Eventum Project Eventum
Eventum before 3.4.0 has an open redirect vulnerability.
network
low complexity
eventum-project CWE-601
6.1
6.1
2018-09-07 CVE-2018-14398 Open Redirect vulnerability in Cremecrm 1.6.12
An issue was discovered in Creme CRM 1.6.12.
network
low complexity
cremecrm CWE-601
6.1
6.1
2018-09-06 CVE-2018-14366 Open Redirect vulnerability in multiple products
download.cgi in Pulse Secure Pulse Connect Secure 8.1RX before 8.1R13 and 8.3RX before 8.3R4 and Pulse Policy Secure through 5.2RX before 5.2R10 and 5.4RX before 5.4R4 have an Open Redirect Vulnerability.
network
low complexity
pulsesecure ivanti CWE-601
6.1
6.1
2018-09-06 CVE-2018-1000671 Open Redirect vulnerability in multiple products
sympa version 6.2.16 and later contains a CWE-601: URL Redirection to Untrusted Site ('Open Redirect') vulnerability in The "referer" parameter of the wwsympa.fcgi login action.
network
low complexity
sympa debian CWE-601
6.1
6.1
2018-09-05 CVE-2018-15683 Open Redirect vulnerability in Btiteam Xbtit 2.5.4
An issue was discovered in BTITeam XBTIT.
network
low complexity
btiteam CWE-601
6.1
6.1
2018-08-28 CVE-2017-15419 Open Redirect vulnerability in multiple products
Insufficient policy enforcement in Resource Timing API in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to infer browsing history by triggering a leaked cross-origin URL via a crafted HTML page.
network
low complexity
redhat debian google CWE-601
6.5
6.5
2018-08-09 CVE-2018-7692 Open Redirect vulnerability in Microfocus Edirectory
Unvalidated redirect vulnerability in in NetIQ eDirectory before 9.1.1 HF1.
network
low complexity
microfocus CWE-601
6.1
6.1
2018-08-08 CVE-2018-15178 Open Redirect vulnerability in Gogs
Open redirect vulnerability in Gogs before 0.12 allows remote attackers to redirect users to arbitrary websites and conduct phishing attacks via an initial /\ substring in the user/login redirect_to parameter, related to the function isValidRedirect in routes/user/auth.go.
network
low complexity
gogs CWE-601
6.1
6.1
2018-08-06 CVE-2018-7091 Open Redirect vulnerability in HP XP 9000 Command View
HPE XP P9000 Command View Advanced Edition Software (CVAE) has open URL redirection vulnerability in versions 7.0.0-00 to earlier than 8.60-00 of DevMgr, TSMgr and RepMgr.
network
low complexity
hp CWE-601
6.1
6.1