Vulnerabilities > URL Redirection to Untrusted Site ('Open Redirect')

DATE CVE VULNERABILITY TITLE RISK
2018-04-16 CVE-2018-10101 Open Redirect vulnerability in WordPress
Before WordPress 4.9.5, the URL validator assumed URLs with the hostname localhost were on the same host as the WordPress server.
5.8
2018-04-16 CVE-2018-10100 Open Redirect vulnerability in WordPress
Before WordPress 4.9.5, the redirection URL for the login page was not validated or sanitized if forced to use HTTPS.
5.8
2018-04-13 CVE-2017-0364 Open Redirect vulnerability in multiple products
MediaWiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw where Special:Search allows redirects to any interwiki link.
5.8
2018-04-13 CVE-2017-0363 Open Redirect vulnerability in multiple products
MediaWiki before 1.28.1 / 1.27.2 / 1.23.16 has a flaw where Special:UserLogin?returnto=interwiki:foo will redirect to external sites.
5.8
2018-04-04 CVE-2018-8813 Open Redirect vulnerability in Wolfcms Wolf CMS 0.8.3.1
Open redirect vulnerability in the login[redirect] parameter login functionality in WolfCMS 0.8.3.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a malformed URL.
network
wolfcms CWE-601
4.9
2018-04-03 CVE-2017-7153 Open Redirect vulnerability in Apple products
An issue was discovered in certain Apple products.
5.8
2018-03-30 CVE-2018-3819 Open Redirect vulnerability in Elastic Kibana
The fix in Kibana for ESA-2017-23 was incomplete.
network
elastic CWE-601
5.8
2018-03-28 CVE-2018-7674 Open Redirect vulnerability in NetIQ Identity Manager 4.5
The NetIQ Identity Manager user console, in versions prior to 4.7, is susceptible to URL redirection.
network
low complexity
netiq CWE-601
6.1
2018-03-26 CVE-2018-8937 Open Redirect vulnerability in Open-AudIT 2.1
An issue was discovered in Open-AudIT Professional 2.1.
5.8
2018-03-14 CVE-2018-0924 Open Redirect vulnerability in Microsoft Exchange Server 2010/2013/2016
Microsoft Exchange Server 2010 Service Pack 3 Update Rollup 20, Microsoft Exchange Server 2013 Cumulative Update 18, Microsoft Exchange Server 2013 Cumulative Update 19, Microsoft Exchange Server 2013 Service Pack 1, Microsoft Exchange Server 2016 Cumulative Update 7, and Microsoft Exchange Server 2016 Cumulative Update 8 allow an information disclosure vulnerability due to how URL redirects are handled, aka "Microsoft Exchange Information Disclosure Vulnerability".
network
microsoft CWE-601
4.3