Vulnerabilities > URL Redirection to Untrusted Site ('Open Redirect')
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2018-03-07 | CVE-2018-7473 | Open Redirect vulnerability in Soconnect Sowifi Hotspot Firmware 140 | Open redirect vulnerability in the SO Connect SO WIFI hotspot web interface, prior to version 140, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL. | 6.1 |
2018-03-02 | CVE-2017-14802 | Open Redirect vulnerability in Netiq Access Manager | Novell Access Manager Admin Console and IDP servers before 4.3.3 have a URL that could be used by remote attackers to trigger unvalidated redirects to third party sites. | 6.1 |
2018-03-01 | CVE-2017-6932 | Open Redirect vulnerability in multiple products | Drupal core 7.x versions before 7.57 has an external link injection vulnerability when the language switcher block is used. | 4.7 |
2018-02-28 | CVE-2015-3898 | Open Redirect vulnerability in Bonitasoft Bonita BPM Portal | Multiple open redirect vulnerabilities in Bonita BPM Portal before 6.5.3 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via vectors involving the redirectUrl parameter to (1) bonita/login.jsp or (2) bonita/loginservice. | 6.1 |
2018-02-16 | CVE-2018-6324 | Open Redirect vulnerability in F-Secure Radar 3.9.1 | F-Secure Radar (on-premises) before 2018-02-15 has an Unvalidated Redirect via the ReturnUrl parameter that triggers upon a user login. | 6.1 |
2018-02-15 | CVE-2017-8945 | Open Redirect vulnerability in HP Icewall Federation Agent 3.0 | A Remote Unauthorized Disclosure of Information vulnerability in HPE IceWall Federation Agent version 3.0 was found. | 6.1 |
2018-02-12 | CVE-2017-18178 | Open Redirect vulnerability in Progress Sitefinity 9.1 | Authenticate/SWT in Progress Sitefinity 9.1 has an open redirect issue in which an authentication token is sent to the redirection target, if the target is specified using a certain %40 syntax. | 6.1 |
2018-02-02 | CVE-2016-0329 | Open Redirect vulnerability in IBM Emptoris Sourcing | Open redirect vulnerability in IBM Emptoris Sourcing 10.0.0.x before 10.0.0.1_iFix3, 10.0.1.x before 10.0.1.3_iFix3, 10.0.2.x before 10.0.2.8_iFix1, 10.0.4.0 before 10.0.4.0_iFix8, and 10.1.0.0 before 10.1.0.0_iFix3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | 5.4 |
2018-02-02 | CVE-2018-6520 | Open Redirect vulnerability in Simplesamlphp | SimpleSAMLphp before 1.15.2 allows remote attackers to bypass an open redirect protection mechanism via crafted authority data in a URL. | 6.1 |
2018-01-26 | CVE-2017-2166 | Open Redirect vulnerability in Groupsession 4.6.4/4.7.0 | Open redirect vulnerability in GroupSession version 4.7.0 and earlier allows an attacker to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | 6.1 |