Vulnerabilities > URL Redirection to Untrusted Site ('Open Redirect')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-11-15 | CVE-2023-5986 | Open Redirect vulnerability in Schneider-Electric Ecostruxure Power Monitoring Expert 2020/2021 A CWE-601 URL Redirection to Untrusted Site vulnerability exists that could cause an openredirect vulnerability leading to a cross site scripting attack. | 6.1 |
| 2023-11-07 | CVE-2019-25155 | Open Redirect vulnerability in Cure53 Dompurify DOMPurify before 1.0.11 allows reverse tabnabbing in demos/hooks-target-blank-demo.html because links lack a 'rel="noopener noreferrer"' attribute. | 6.1 |
| 2023-10-31 | CVE-2023-20886 | Open Redirect vulnerability in VMWare Workspace ONE UEM VMware Workspace ONE UEM console contains an open redirect vulnerability. A malicious actor may be able to redirect a victim to an attacker and retrieve their SAML response to login as the victim user. | 6.1 |
| 2023-10-30 | CVE-2023-4964 | Open Redirect vulnerability in Microfocus products Potential open redirect vulnerability in opentext Service Management Automation X (SMAX) versions 2020.05, 2020.08, 2020.11, 2021.02, 2021.05, 2021.08, 2021.11, 2022.05, 2022.11 and opentext Asset Management X (AMX) versions 2021.08, 2021.11, 2022.05, 2022.11. | 6.1 |
| 2023-10-25 | CVE-2023-36085 | Open Redirect vulnerability in Sisqualwfm 7.1.319.103 The sisqualWFM 7.1.319.103 thru 7.1.319.111 for Android, has a host header injection vulnerability in its "/sisqualIdentityServer/core/" endpoint. | 6.1 |
| 2023-10-22 | CVE-2021-46898 | Open Redirect vulnerability in Vonautomatisch Django Grappelli views/switch.py in django-grappelli (aka Django Grappelli) before 2.15.2 attempts to prevent external redirection with startswith("/") but this does not consider a protocol-relative URL (e.g., //example.com) attack. | 6.1 |
| 2023-10-18 | CVE-2023-45909 | Open Redirect vulnerability in Zzzcms Zzzphp 2.2.0 zzzcms v2.2.0 was discovered to contain an open redirect vulnerability. | 6.1 |
| 2023-10-15 | CVE-2018-25091 | Open Redirect vulnerability in Python Urllib3 urllib3 before 1.24.2 does not remove the authorization HTTP header when following a cross-origin redirect (i.e., a redirect that differs in host, port, or scheme). | 6.1 |
| 2023-09-29 | CVE-2023-3922 | Open Redirect vulnerability in Gitlab An issue has been discovered in GitLab affecting all versions starting from 8.15 before 16.2.8, all versions starting from 16.3 before 16.3.5, all versions starting from 16.4 before 16.4.1. | 7.1 |
| 2023-09-19 | CVE-2023-23957 | Open Redirect vulnerability in Symantec Identity Portal 14.4 An authenticated user can see and modify the value for ‘next’ query parameter in Symantec Identity Portal 14.4 | 5.4 |