Zabbix before 2.2.21rc1, 3.x before 3.0.13rc1, 3.1.x and 3.2.x before 3.2.10rc1, and 3.3.x and 3.4.x before 3.4.4rc1 allows open redirect via the request parameter. CREATE(Triage): {Link=https://nvd.nist.gov/vuln/detail/CVE-2016-10742 User=admin}