CVE-2017-7266
Netflix Security Monkey before 0.8.0 has an Open Redirect. The logout functionality accepted the "next" parameter which then redirects to any domain irrespective of the Host header.
6.1CVSS
6.2AI Score
0.002EPSS