CWE-601

Exploit likelihood: Low

URL Redirection to Untrusted Site ('Open Redirect')

Parent: CWE-610 - Externally Controlled Reference to a Resource in Another Sphere

The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.

1,513 vulnerabilities with CWE-601
CVE-2025-27143 MEDIUM
Better Auth <1.1.21 - Open Redirect
CVSS 6.1
CVE-2025-1488 MEDIUM
WPO365 | MICROSOFT 365 GRAPH MAILER <= 3.2 - Unauthenticated Open Redirect via redirect_to Parameter
CVSS 4.7
CVE-2025-25300 LOW
smartbanner.js <1.14.1 - Open Redirect
CVE-2025-1269 MEDIUM
HAVELSAN Liman MYS <2.1.1-1010 - Open Redirect
CVSS 4.8
CVE-2025-21401 MEDIUM
Microsoft Edge Chromium < 133.0.3065.69 - Security Feature Bypass via URL Redirection
CVSS 4.5
CVE-2025-25198 HIGH
mailcow: dockerized <2025-01a - Info Disclosure
CVSS 7.1
CVE-2025-23363 HIGH
Teamcenter Open Redirect via SSO Login Service
CVSS 7.4
CVE-2025-24868 HIGH
SAP HANA XS Advanced (User Auth) - Unauthenticated Open Redirect via URL Validation
CVSS 7.1
CVE-2025-0970 MEDIUM
Zenvia Movidesk < 25.01.22 - Open Redirect via ReturnUrl Parameter
CVSS 4.3
CVE-2025-24741 MEDIUM
LOGON KB Support <= 1.6.7 - Open Redirect
CVSS 4.7
CVE-2025-24740 MEDIUM
ThimPress LearnPress <4.2.7.1 - Open Redirect
CVSS 4.7
CVE-2025-0705 MEDIUM
bootplus < 2020-08-24 - Open Redirect via QrCodeController qrCode Function
CVSS 4.3
CVE-2025-21512 MEDIUM
Oracle JD Edwards EnterpriseOne Tools < 9.2.9.0 - Unauthenticated Open Redirect in Web Runtime SEC
CVSS 6.1
CVE-2025-24020 MEDIUM
WeGIA <= 3.2.10 - Open Redirect via control.php nextPage Parameter
CVSS 6.1
CVE-2025-23086 MEDIUM
Brave Desktop Browser 1.70.117-1.74.48 - Origin Spoofing via Open Redirect
CVSS 6.1
CVE-2025-0244 MEDIUM
Firefox < 134.0 - Address Bar Spoofing via Invalid Protocol Scheme Redirect
CVSS 5.3
CVE-2024-58342 MEDIUM
XenForo Open Redirect via getDynamicRedirect
CVSS 6.3
CVE-2024-8527 HIGH
Automated Logic WebCTRL & Carrier i-Vu <9.0 - Open Redirect
CVE-2024-13983 MEDIUM
Google Chrome < 136.0.7103.59 - UI Spoofing via Crafted QR Code in Lens
CVSS 6.3
CVE-2024-55017 HIGH
Corezoid 6.6.0 - Account Takeover via OAuth2 redirect_uri Open Redirect
CVSS 7.5
CVE-2024-12924 MEDIUM
Akınsoft QR Menü <1.05.12 - Open Redirect
CVSS 6.3
CVE-2024-34328 MEDIUM
Sielox AnyWare <2.1.2 - Open Redirect
CVSS 6.3
CVE-2024-37658 MEDIUM
gnuboard5 5.5.16 - Open Redirect via bbs/member_confirm.php
CVSS 6.1
CVE-2024-37657 MEDIUM
gnuboard5 5.5.16 - Open Redirect via bbs/login.php
CVSS 6.1
CVE-2024-37656 MEDIUM
gnuboard5 5.5.16 - Open Redirect via Insufficient URL Parameter Verification
CVSS 6.1