Vulnerabilities > URL Redirection to Untrusted Site ('Open Redirect')

DATE CVE VULNERABILITY TITLE RISK
2018-04-30 CVE-2017-18262 Open Redirect vulnerability in Blackboard Learn 1.10.1/9.1
Blackboard Learn (Since at least 17th of October 2017) has allowed Unvalidated Redirects on any signed-in user through its endpoints for handling Shibboleth logins, as demonstrated by a webapps/bb-auth-provider-shibboleth-BBLEARN/execute/shibbolethLogin?returnUrl= URI.
network
low complexity
blackboard CWE-601
6.1
6.1
2018-04-16 CVE-2018-10101 Open Redirect vulnerability in multiple products
Before WordPress 4.9.5, the URL validator assumed URLs with the hostname localhost were on the same host as the WordPress server.
network
low complexity
wordpress debian CWE-601
6.1
6.1
2018-04-16 CVE-2018-10100 Open Redirect vulnerability in multiple products
Before WordPress 4.9.5, the redirection URL for the login page was not validated or sanitized if forced to use HTTPS.
network
low complexity
wordpress debian CWE-601
6.1
6.1
2018-04-13 CVE-2017-0364 Open Redirect vulnerability in multiple products
Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw where Special:Search allows redirects to any interwiki link.
network
low complexity
mediawiki debian CWE-601
6.1
6.1
2018-04-13 CVE-2017-0363 Open Redirect vulnerability in multiple products
Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 has a flaw where Special:UserLogin?returnto=interwiki:foo will redirect to external sites.
network
low complexity
mediawiki debian CWE-601
6.1
6.1
2018-04-04 CVE-2018-8813 Open Redirect vulnerability in Wolfcms Wolf CMS 0.8.3.1
Open redirect vulnerability in the login[redirect] parameter login functionality in WolfCMS 0.8.3.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a malformed URL.
network
low complexity
wolfcms CWE-601
4.8
4.8
2018-04-03 CVE-2017-7153 Open Redirect vulnerability in multiple products
An issue was discovered in certain Apple products.
network
low complexity
apple canonical CWE-601
6.1
6.1
2018-03-30 CVE-2018-3819 Open Redirect vulnerability in Elastic Kibana
The fix in Kibana for ESA-2017-23 was incomplete.
network
low complexity
elastic CWE-601
6.1
6.1
2018-03-28 CVE-2018-7674 Open Redirect vulnerability in Netiq Identity Manager 4.5
The NetIQ Identity Manager user console, in versions prior to 4.7, is susceptible to URL redirection.
network
low complexity
netiq CWE-601
6.1
6.1
2018-03-26 CVE-2018-8937 Open Redirect vulnerability in Open-Audit 2.1
An issue was discovered in Open-AudIT Professional 2.1.
network
low complexity
open-audit CWE-601
6.1
6.1