CWE-601

Submitty through 20.04.01 has an open redirect via authentication/login?old= during an invalid login attempt.

The direct_mail extension through 5.2.3 for TYPO3 has an Open Redirect via jumpUrl.

macaron before 1.3.7 has an open redirect in the static handler, as demonstrated by the http://127.0.0.1:4000//example.com/ URL.

The appstore before 8.12.0.0 exposes some of its components, and the attacker can cause remote download and install apps through carefully constructed parameters.

Sourcegraph before 3.15.1 has a vulnerable authentication workflow because of improper validation in the SafeRedirectURL method in cmd/frontend/auth/redirect.go, such as for the //foo//example.com substring.

A spoofing vulnerability exists when theMicrosoft Edge (Chromium-based) in IE Mode improperly handles specific redirects, aka ‘Microsoft Edge (Chromium-based) in IE Mode Spoofing Vulnerability’.