Vulnerabilities > URL Redirection to Untrusted Site ('Open Redirect')

DATE CVE VULNERABILITY TITLE RISK
2018-04-16 CVE-2018-10100 Open Redirect vulnerability in multiple products
Before WordPress 4.9.5, the redirection URL for the login page was not validated or sanitized if forced to use HTTPS.
network
low complexity
wordpress debian CWE-601
6.1
2018-04-13 CVE-2017-0364 Open Redirect vulnerability in multiple products
Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw where Special:Search allows redirects to any interwiki link.
network
low complexity
mediawiki debian CWE-601
6.1
2018-04-13 CVE-2017-0363 Open Redirect vulnerability in multiple products
Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 has a flaw where Special:UserLogin?returnto=interwiki:foo will redirect to external sites.
network
low complexity
mediawiki debian CWE-601
6.1
2018-04-04 CVE-2018-8813 Open Redirect vulnerability in Wolfcms Wolf CMS 0.8.3.1
Open redirect vulnerability in the login[redirect] parameter login functionality in WolfCMS 0.8.3.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a malformed URL.
network
low complexity
wolfcms CWE-601
4.8
2018-04-03 CVE-2017-7153 Open Redirect vulnerability in multiple products
An issue was discovered in certain Apple products.
network
low complexity
apple canonical CWE-601
6.1
2018-03-30 CVE-2018-3819 Open Redirect vulnerability in Elastic Kibana
The fix in Kibana for ESA-2017-23 was incomplete.
network
low complexity
elastic CWE-601
6.1
2018-03-28 CVE-2018-7674 Open Redirect vulnerability in Netiq Identity Manager 4.5
The NetIQ Identity Manager user console, in versions prior to 4.7, is susceptible to URL redirection.
network
low complexity
netiq CWE-601
6.1
2018-03-26 CVE-2018-8937 Open Redirect vulnerability in Open-Audit 2.1
An issue was discovered in Open-AudIT Professional 2.1.
network
low complexity
open-audit CWE-601
6.1
2018-03-14 CVE-2018-0924 Open Redirect vulnerability in Microsoft Exchange Server 2010/2013/2016
Microsoft Exchange Server 2010 Service Pack 3 Update Rollup 20, Microsoft Exchange Server 2013 Cumulative Update 18, Microsoft Exchange Server 2013 Cumulative Update 19, Microsoft Exchange Server 2013 Service Pack 1, Microsoft Exchange Server 2016 Cumulative Update 7, and Microsoft Exchange Server 2016 Cumulative Update 8 allow an information disclosure vulnerability due to how URL redirects are handled, aka "Microsoft Exchange Information Disclosure Vulnerability".
network
low complexity
microsoft CWE-601
6.5
2018-03-08 CVE-2018-1220 Open Redirect vulnerability in EMC RSA Archer
EMC RSA Archer, versions prior to 6.2.0.8, contains a redirect vulnerability in the QuickLinks feature.
network
low complexity
emc CWE-601
6.1