CWE-601

Low likelihood

URL Redirection to Untrusted Site ('Open Redirect')

Parent: CWE-610 - Externally Controlled Reference to a Resource in Another Sphere

The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.

1,513 vulnerabilities with CWE-601
CVE-2025-5183 LOW
Summer Pearl Group Vacation Rental Management Platform < 1.0.2 - Open Redirect via Host Header
CVSS 3.5
CVE-2025-23183 MEDIUM
UBtech Freepass - Open Redirect
CVSS 6.1
CVE-2025-4123 HIGH
Grafana < 10.4.18 - XSS
CVSS 7.6
CVE-2025-47854 MEDIUM
JetBrains TeamCity < 2025.03.2 - Open Redirect via VCS Root Page Editing
CVSS 4.3
CVE-2025-4838 MEDIUM
Kanwangzjm Funiture <71ca0fb0658b3d839d9e049ac36429207f05329b - Ope...
CVSS 4.3
CVE-2025-32962 MEDIUM
Flask-AppBuilder < 4.6.2 - Unauthenticated Open Redirect via Host Header Manipulation
CVSS 4.3
CVE-2025-40630 MEDIUM
IceWarp Mail Server 11.4.0 - Open Redirect via Malicious URL
CVSS 6.1
CVE-2025-47789 MEDIUM
horilla <= 1.3 - Open Redirect via Crafted URL
CVSS 6.1
CVE-2025-30010 MEDIUM
SAP Supplier Relationship Management - Open Redirect
CVSS 6.1
CVE-2025-4513 MEDIUM
Catalyst User Key Authentication Plugin 20220819 - Open Redirect
CVSS 4.3
CVE-2025-40846 HIGH
Halo <2.174.101, 2.175.1-2.184.21 - Open Redirect
CVE-2025-46826 LOW
INSAgenda insa-auth - Open Redirect
CVE-2025-47644 MEDIUM
Zoho CRM with Elementor form <1.0.7 - Open Redirect
CVSS 4.7
CVE-2025-47456 MEDIUM
WP Gravity Forms Zendesk <1.1.2 - Open Redirect
CVSS 4.7
CVE-2025-47455 MEDIUM
CRM Perks Integration - Open Redirect
CVSS 4.7
CVE-2025-47454 MEDIUM
WP Gravity Forms Dynamics CRM <1.1.4 - Open Redirect
CVSS 4.7
CVE-2025-4328 LOW
fp2952 spring-cloud-base <7f050dc6db9afab82c5ce1d41cd74ed255ec9bfa ...
CVSS 3.5
CVE-2025-46553 MEDIUM
@misskey-dev/summaly <5.2.1 - Info Disclosure
CVSS 6.1
CVE-2025-4143 MEDIUM
cloudflare/workers-oauth-provider < 0.0.5 - Open Redirect via Improper redirect_uri Validation
CVSS 6.1
CVE-2025-3859 MEDIUM
Mozilla Firefox Focus < 138.0 - User Interface Misrepresentation via URL Eliding
CVSS 6.1
CVE-2025-32970 MEDIUM
XWiki WYSIWYG API - Open Redirect
CVSS 6.1
CVE-2025-2068 MEDIUM
FileZ Client < 11.0.0.10 - Open Redirect via Crafted URL
CVSS 5.0
CVE-2025-39404 MEDIUM
Heateor Support Sassy Social Share <3.3.73 - Open Redirect
CVSS 4.7
CVE-2025-39599 MEDIUM
Webilia Inc. Listdom <4.0.0 - Open Redirect
CVSS 4.7
CVE-2025-39597 MEDIUM
Arthur Yarwood Fast eBay Listings <2.12.15 - Open Redirect
CVSS 4.7
Details
Vulnerabilities 1,513
Exploit Likelihood Low
Links
MITRE CWE Entry Search this CWE With Exploits