Vulnerabilities > URL Redirection to Untrusted Site ('Open Redirect')
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2019-07-05 | CVE-2019-5965 | Open Redirect vulnerability in Joruri Mail 2.1.4 | Open redirect vulnerability in Joruri Mail 2.1.4 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | 6.1 |
2019-07-03 | CVE-2019-10721 | Open Redirect vulnerability in Dotnetblogengine Blogengine.Net 3.3.7.0 | BlogEngine.NET 3.3.7.0 allows a Client Side URL Redirect via the ReturnUrl parameter, related to BlogEngine/BlogEngine.Core/Services/Security/Security.cs, login.aspx, and register.aspx. | 6.1 |
2019-07-02 | CVE-2019-13175 | Open Redirect vulnerability in Readthedocs Read the Docs | Read the Docs before 3.5.1 has an Open Redirect if certain user-defined redirects are used. | 6.1 |
2019-07-01 | CVE-2019-7275 | Open Redirect vulnerability in Optergy Enterprise and Proton | Optergy Proton/Enterprise devices allow Open Redirect. | 6.1 |
2019-06-29 | CVE-2019-13038 | Open Redirect vulnerability in multiple products | mod_auth_mellon through 0.14.2 has an Open Redirect via the login?ReturnTo= substring, as demonstrated by omitting the // after http: in the target URL. | 6.1 |
2019-06-27 | CVE-2019-5823 | Open Redirect vulnerability in multiple products | Insufficient policy enforcement in service workers in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. | 5.4 |
2019-06-26 | CVE-2019-10133 | Open Redirect vulnerability in Moodle | A flaw was found in Moodle before 3.7, 3.6.4, 3.5.6, 3.4.9 and 3.1.18. | 6.1 |
2019-06-25 | CVE-2019-4153 | Open Redirect vulnerability in IBM Security Access Manager | IBM Security Access Manager 9.0.1 through 9.0.6 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. | 6.8 |
2019-06-19 | CVE-2017-14394 | Open Redirect vulnerability in Forgerock Access Management and Openam | OAuth 2.0 Authorization Server of ForgeRock Access Management (OpenAM) 13.5.0-13.5.1 and Access Management (AM) 5.0.0-5.1.1 does not correctly validate redirect_uri for some invalid requests, which allows attackers to perform phishing via an unvalidated redirect. | 6.1 |
2019-06-12 | CVE-2019-11269 | Open Redirect vulnerability in multiple products | Spring Security OAuth versions 2.3 prior to 2.3.6, 2.2 prior to 2.2.5, 2.1 prior to 2.1.5, and 2.0 prior to 2.0.18, as well as older unsupported versions could be susceptible to an open redirector attack that can leak an authorization code. | 5.4 |