Jive before 2016.3.1 has an open redirect from the external-link.jspa page.Referenceshttp://www.ericgoldman.name/en/2016/vulnerability-report-jive-open-redirect/
