Vulnerabilities > URL Redirection to Untrusted Site ('Open Redirect')
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2018-06-01 | CVE-2018-3743 | Open Redirect vulnerability in Hekto Project Hekto | Open redirect in hekto <=0.2.3 when target domain name is used as html filename on server. | 6.1 |
2018-05-23 | CVE-2018-10651 | Open Redirect vulnerability in Citrix Xenmobile Server 10.7/10.8 | There are Open Redirect Vulnerabilities in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3. | 6.1 |
2018-05-22 | CVE-2015-8094 | Open Redirect vulnerability in Cloudera HUE 3.9.0 | Open redirect vulnerability in Cloudera HUE before 3.10.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the next parameter. | 6.1 |
2018-05-17 | CVE-2018-11119 | Open Redirect vulnerability in Ilias | ILIAS 5.1.x, 5.2.x, and 5.3.x before 5.3.5 redirects a logged-in user to a third-party site via the return_to_url parameter. | 6.1 |
2018-05-13 | CVE-2018-10678 | Open Redirect vulnerability in Mybb 1.8.15 | MyBB 1.8.15, when accessed with Microsoft Edge, mishandles 'target="_blank" rel="noopener"' in A elements, which makes it easier for remote attackers to conduct redirection attacks. | 6.1 |
2018-05-11 | CVE-2018-5304 | Open Redirect vulnerability in Impinj R420 Rfid Reader Firmware | An issue was discovered on the Impinj Speedway Connect R420 RFID Reader before 2.2.2. | 4.3 |
2018-05-08 | CVE-2018-1000174 | Open Redirect vulnerability in Jenkins Google Login | An open redirect vulnerability exists in Jenkins Google Login Plugin 1.3 and older in GoogleOAuth2SecurityRealm.java that allows attackers to redirect users to an arbitrary URL after successful login. | 6.1 |
2018-05-08 | CVE-2018-1248 | Open Redirect vulnerability in RSA Authentication Manager | RSA Authentication Manager Security Console, Operation Console and Self-Service Console, version 8.3 and earlier, is affected by a Host header injection vulnerability. | 6.1 |
2018-04-30 | CVE-2017-18262 | Open Redirect vulnerability in Blackboard Learn 1.10.1/9.1 | Blackboard Learn (Since at least 17th of October 2017) has allowed Unvalidated Redirects on any signed-in user through its endpoints for handling Shibboleth logins, as demonstrated by a webapps/bb-auth-provider-shibboleth-BBLEARN/execute/shibbolethLogin?returnUrl= URI. | 6.1 |
2018-04-16 | CVE-2018-10101 | Open Redirect vulnerability in multiple products | Before WordPress 4.9.5, the URL validator assumed URLs with the hostname localhost were on the same host as the WordPress server. | 6.1 |