Vulnerabilities > URL Redirection to Untrusted Site ('Open Redirect')

DATE CVE VULNERABILITY TITLE RISK
2019-03-21 CVE-2019-9837 Open Redirect vulnerability in Openid Connect
Doorkeeper::OpenidConnect (aka the OpenID Connect extension for Doorkeeper) 1.4.x and 1.5.x before 1.5.4 has an open redirect via the redirect_uri field in an OAuth authorization request (that results in an error response) with the 'openid' scope and a prompt=none value.
network
openid CWE-601
5.8
2019-03-07 CVE-2018-17422 Open Redirect vulnerability in Dotcms
dotCMS before 5.0.2 has open redirects via the html/common/forward_js.jsp FORWARD_URL parameter or the html/portlet/ext/common/page_preview_popup.jsp hostname parameter.
network
dotcms CWE-601
5.8
2019-03-07 CVE-2019-3778 Open Redirect vulnerability in multiple products
Spring Security OAuth, versions 2.3 prior to 2.3.5, and 2.2 prior to 2.2.4, and 2.1 prior to 2.1.4, and 2.0 prior to 2.0.17, and older unsupported versions could be susceptible to an open redirector attack that can leak an authorization code.
network
low complexity
pivotal-software oracle CWE-601
6.4
2019-03-05 CVE-2019-0540 Open Redirect vulnerability in Microsoft products
A security feature bypass vulnerability exists when Microsoft Office does not validate URLs. An attacker could send a victim a specially crafted file, which could trick the victim into entering credentials, aka 'Microsoft Office Security Feature Bypass Vulnerability'.
network
microsoft CWE-601
4.3
2019-03-05 CVE-2018-1939 Open Redirect vulnerability in IBM Cloud Private 3.1.1
IBM Cloud Private 3.1.1 could allow a remote attacker to conduct phishing attacks, using an open redirect attack.
network
ibm CWE-601
5.8
2019-03-05 CVE-2018-1875 Open Redirect vulnerability in IBM products
IBM InfoSphere Information Governance Catalog 11.3, 11.5, and 11.7 could allow a remote attacker to conduct phishing attacks, using an open redirect attack.
network
ibm CWE-601
5.8
2019-02-20 CVE-2018-19106 Open Redirect vulnerability in Avinetworks AVI Vantage
Avi Vantage before 17.2.13 uses an invalid URL encoding during a redirect operation, aka AV-33959.
5.8
2019-02-17 CVE-2016-10742 Open Redirect vulnerability in multiple products
Zabbix before 2.2.21rc1, 3.x before 3.0.13rc1, 3.1.x and 3.2.x before 3.2.10rc1, and 3.3.x and 3.4.x before 3.4.4rc1 allows open redirect via the request parameter.
5.8
2019-02-15 CVE-2019-8345 Open Redirect vulnerability in Estrongs ES File Explorer File Manager 4.1.9.7.4
The Help feature in the ES File Explorer File Manager application 4.1.9.7.4 for Android allows session hijacking by a Man-in-the-middle attacker on the local network because HTTPS is not used, and an attacker's web site is displayed in a WebView with no information about the URL.
4.3
2019-02-13 CVE-2019-5915 Open Redirect vulnerability in Osstech Openam 13.0/13.0.0120
Open redirect vulnerability in OpenAM (Open Source Edition) 13.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a specially crafted page.
network
osstech CWE-601
5.8