The fix in Kibana for ESA-2017-23 was incomplete. With X-Pack security enabled, Kibana versions before 6.1.3 and 5.6.7 have an open redirect vulnerability on the login page that would enable an attacker to craft a link that redirects to an arbitrary website.
CWE-601
CVE-2018-3743
Open redirect in hekto <=0.2.3 when the target domain name is used as an HTML filename on the server.
CVE-2018-2476
Due to insufficient URL validation in forums in SAP NetWeaver versions 7.30, 7.31, 7.40, an attacker can redirect users to a malicious site.
CVE-2018-20929
cPanel before 70.0.23 allows an open redirect via the /unprotected/redirect.html endpoint (SEC-392).
CVE-2018-20867
cPanel before 76.0.8 has an open redirect when resetting connections (SEC-462).
CVE-2018-20698
The floragunn Search Guard plugin before 6.x-16 for Kibana allows URL injection for login redirects on the login page when basePath is set.