A security feature bypass vulnerability exists when Microsoft Office does not validate URLs.An attacker could send a victim a specially crafted file, which could trick the victim into entering credentials, aka ‘Microsoft Office Security Feature Bypass Vulnerability’.
CWE-601
CVE-2021-46366
An issue in the Login page of Magnolia CMS v6.2.3 and below allows attackers to exploit both an Open Redirect vulnerability and Cross-Site Request Forgery (CSRF) in order to brute force and exfiltrate users’ credentials.
CVE-2021-46379
DLink DIR850 ET850-1.08TRb03 is affected by an incorrect access control vulnerability through URL redirection to untrusted site.
CVE-2021-45328
Gitea before 1.4.3 is affected by URL Redirection to Untrusted Site (‘Open Redirect’) via internal URLs.
CVE-2021-45408
Open Redirect vulnerability exists in SeedDMS 6.0.15 in out.Login.php, which llows remote malicious users to redirect users to malicious sites using the “referuri” parameter.
CVE-2021-44528
A open redirect vulnerability exists in Action Pack >= 6.0.0 that could allow an attacker to craft a “X-Forwarded-Host” headers in combination with certain “allowed host” formats can cause the Host Authorization middleware in Action Pack to redirect users to a malicious website.