Unauthenticated redirection to a malicious website
CWE-601
CVE-2022-27256
A PHP Local File inclusion vulnerability in the Redbasic theme for Hubzilla before version 7.2 allows remote attackers to include arbitrary php files via the schema parameter.
CVE-2022-27090
Cscms Music Portal System v4.2 was discovered to contain a redirection vulnerability via the backurl parameter.
CVE-2022-27109
OrangeHRM 4.10 suffers from a Referer header injection redirect vulnerability.
CVE-2022-27110
OrangeHRM 4.10 is vulnerable to a Host header injection redirect via viewPersonalDetails endpoint.
CVE-2022-26950
Archer 6.x through 6.9 P2 (6.9.0.2) is affected by an open redirect vulnerability. A remote unprivileged attacker may potentially redirect legitimate users to arbitrary web sites and conduct phishing attacks. The attacker could then steal the victims’ credentials and silently authenticate them to the Archer application without the victims realizing an attack occurred.