CWE-601

U-Office Force login function has an Open Redirect vulnerability. An unauthenticated remote attacker can exploit this vulnerability to redirect user to arbitrary website.

An open redirect to malicious sites can occur when accessing the “Feedback” action on the manager page.

In HCL Digital Experience, URLs can be constructed to redirect users to untrusted sites.

Esri ArcGIS Server versions 10.9.1 and below have an unvalidated redirect issue that may allow a remote, unauthenticated attacker to phish a user into accessing an attacker controlled website via a crafted query parameter.

An unvalidated redirect vulnerability exists in Esri Portal for ArcGIS Quick Capture Web Designer versions 10.8.1 to 10.9.1. A remote, unauthenticated attacker can potentially induce an unsuspecting authenticated user to access an an attacker controlled domain.

There is an unvalidated redirect vulnerability in Esri Portal for ArcGIS 11 and below that may allow a remote, unauthenticated attacker to craft a URL that could redirect a victim to an arbitrary website, simplifying phishing attacks.