Vulnerabilities > URL Redirection to Untrusted Site ('Open Redirect')

DATE CVE VULNERABILITY TITLE RISK
2018-01-02 CVE-2017-1000434 Open Redirect vulnerability in Furikake Project Furikake 0.1.0
Wordpress plugin Furikake version 0.1.0 is vulnerable to an Open Redirect The furikake-redirect parameter on a page allows for a redirect to an attacker controlled page classes/Furigana.php: header('location:'.urldecode($_GET['furikake-redirect']));
network
low complexity
furikake-project CWE-601
6.1
6.1
2017-12-13 CVE-2017-1558 Open Redirect vulnerability in IBM products
IBM Maximo Asset Management 7.5 and 7.6 could allow a remote attacker to conduct phishing attacks, using an open redirect attack.
network
low complexity
ibm CWE-601
6.1
6.1
2017-12-12 CVE-2017-16679 Open Redirect vulnerability in SAP Kernel
URL redirection vulnerability in SAP's Startup Service, SAP KERNEL 32 NUC, SAP KERNEL 32 Unicode, SAP KERNEL 64 NUC, SAP KERNEL 64 Unicode 7.21, 7.21EXT, 7.22 and 7.22EXT; SAP KERNEL 7.21, 7.22, 7.45, 7.49 and 7.52, that allows an attacker to redirect users to a malicious site.
network
low complexity
sap CWE-601
6.1
6.1
2017-12-08 CVE-2017-11482 Open Redirect vulnerability in Elastic Kibana
The Kibana fix for CVE-2017-8451 was found to be incomplete.
network
low complexity
elastic CWE-601
6.1
6.1
2017-12-01 CVE-2017-3105 Open Redirect vulnerability in Adobe Robohelp
Adobe RoboHelp has an Open Redirect vulnerability.
network
low complexity
adobe CWE-601
6.1
6.1
2017-11-30 CVE-2017-12344 Open Redirect vulnerability in Cisco Data Center Network Manager 10.2(1)
Multiple vulnerabilities in Cisco Data Center Network Manager (DCNM) Software could allow a remote attacker to inject arbitrary values into DCNM configuration parameters, redirect a user to a malicious website, inject malicious content into a DCNM client interface, or conduct a cross-site scripting (XSS) attack against a user of the affected software.
network
low complexity
cisco CWE-601
6.1
6.1
2017-11-17 CVE-2017-1000163 Open Redirect vulnerability in Phoenixframework Phoenix
The Phoenix Framework versions 1.0.0 through 1.0.4, 1.1.0 through 1.1.6, 1.2.0, 1.2.2 and 1.3.0-rc.0 are vulnerable to unvalidated URL redirection, which may result in phishing or social engineering attacks.
network
low complexity
phoenixframework CWE-601
6.1
6.1
2017-11-15 CVE-2017-11879 Open Redirect vulnerability in Microsoft Asp.Net Core 2.0
ASP.NET Core 2.0 allows an attacker to steal log-in session information such as cookies or authentication tokens via a specially crafted URL aka "ASP.NET Core Elevation Of Privilege Vulnerability".
network
low complexity
microsoft CWE-601
8.8
8.8
2017-11-10 CVE-2017-16761 Open Redirect vulnerability in Inedo Buildmaster
An Open Redirect vulnerability in Inedo BuildMaster before 5.8.2 allows remote attackers to redirect users to arbitrary web sites.
network
low complexity
inedo CWE-601
6.1
6.1
2017-11-06 CVE-2017-16569 Open Redirect vulnerability in Zurmo CRM 3.2.1.57987Acc3018
An Open URL Redirect issue exists in Zurmo 3.2.1.57987acc3018 via an http: URL in the redirectUrl parameter to app/index.php/meetings/default/createMeeting.
network
low complexity
zurmo CWE-601
4.8
4.8