CWE-601

Exploit likelihood: Low

URL Redirection to Untrusted Site ('Open Redirect')

Parent: CWE-610 - Externally Controlled Reference to a Resource in Another Sphere

The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.

1,513 vulnerabilities with CWE-601
CVE-2024-56960 MEDIUM
Tianjin Xiaowu Information technology Co., Ltd BeiKe Holdings iOS 1...
CVSS 6.5
CVE-2024-56959 MEDIUM
Mashang Consumer Finance Co., Ltd Anyihua iOS 3.6.2 - Info Disclosure
CVSS 6.5
CVE-2024-56957 MEDIUM
Kingsoft Office Software Corporation Limited WPS Office iOS 12.20.0...
CVSS 6.5
CVE-2024-56955 MEDIUM
Tencent Technology (Shenzhen) Company Limited QQMail <6.6.4 - Info ...
CVSS 6.5
CVE-2024-56954 MEDIUM
Beijing Baidu Netcom Science & Technology Co Ltd Haokan Video <7.70...
CVSS 6.5
CVE-2024-56953 MEDIUM
Baidu Input Method <12.6.13 - Info Disclosure
CVSS 6.5
CVE-2024-56952 MEDIUM
Baidu Lite <6.40.0 - Info Disclosure
CVSS 6.5
CVE-2024-56951 MEDIUM
Hangzhou Bobo Technology Co Ltd UU Game Booster <10.6.13 - Info Dis...
CVSS 6.5
CVE-2024-56950 MEDIUM
KuGou Concept <4.0.61 - Info Disclosure
CVSS 6.5
CVE-2024-56949 MEDIUM
University Search iOS <2.27.0 - Info Disclosure
CVSS 6.5
CVE-2024-56948 MEDIUM
KuGou Music iOS <20.0.0 - Info Disclosure
CVSS 6.5
CVE-2024-56947 MEDIUM
BeautyCam iOS <12.3.60 - Info Disclosure
CVSS 6.5
CVE-2024-55892 MEDIUM
TYPO3 9.0.0-9.5.48 - Open Redirect via URI Host Validation Bypass
CVSS 4.8
CVE-2024-46481 HIGH
Venki Supravizio BPM < 18.1.1 - Open Redirect and Reflected Cross-Site Scripting
CVSS 7.2
CVE-2024-53995 LOW
SickChill <= 2024.3.1 - Authenticated Open Redirect via Login Next Parameter
CVE-2024-56734 MEDIUM
better-auth < 1.1.6 - Open Redirect via Email Verification Callback URL Parameter
CVSS 6.1
CVE-2024-12990 MEDIUM
ruifang-tech Rebuild <3.8.6 - Open Redirect
CVSS 4.3
CVE-2024-45082 MEDIUM
IBM Cognos Analytics <12.0.3 - Open Redirect
CVSS 6.8
CVE-2024-55452 MEDIUM
UJCMS 9.6.3 - Authenticated Open Redirect via Block Item Upload
CVSS 5.4
CVE-2024-9387 MEDIUM
GitLab 11.8-17.4.5, 17.5-17.5.3, 17.6-17.6.1 - Open Redirect via Releases API Endpoint
CVSS 6.4
CVE-2024-11274 HIGH
GitLab 16.1-17.4.5, 17.5-17.5.3, 17.6-17.6.1 - Session Data Exfiltration via NEL Header Injection in k8s Proxy Response
CVSS 8.7
CVE-2024-54051 MEDIUM
Adobe Connect <12.6, 11.4.7 - Open Redirect
CVSS 6.1
CVE-2024-54050 MEDIUM
Adobe Connect <12.6, 11.4.7 - Open Redirect
CVSS 6.1
CVE-2024-38485 MEDIUM
Dell ECS < 3.8.0.0 - Host Header Injection
CVSS 4.3
CVE-2024-54255 MEDIUM
aviplugins.com Login Widget With Shortcode <6.1.2 - Open Redirect
CVSS 4.7