CWE-601

Exploit likelihood: Low

URL Redirection to Untrusted Site ('Open Redirect')

Parent: CWE-610 - Externally Controlled Reference to a Resource in Another Sphere

The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.

1,513 vulnerabilities with CWE-601
CVE-2024-52003 MEDIUM
Traefik < 2.11.14 and < 3.2.1 - Open Redirect via X-Forwarded-Prefix Header
CVSS 6.1
CVE-2024-53264 MEDIUM
bunkerweb < 1.5.11 - Open Redirect via Loading Endpoint Next Parameter
CVE-2024-8526 MEDIUM
Automated Logic WebCTRL 7.0 - Open Redirect
CVE-2024-52512 LOW
Nextcloud User OIDC 6.0.0-6.0.9 - Open Redirect via Malformed Login Link
CVSS 3.3
CVE-2024-1240 MEDIUM
pyload 0.5.0 - Open Redirect via Login Next Parameter
CVSS 6.1
CVE-2024-11207 MEDIUM
Apereo CAS 6.6 - Open Redirect via /login redirect_uri Parameter
CVSS 4.3
CVE-2024-30140 MEDIUM
HCL BigFix Compliance - Open Redirect
CVSS 5.4
CVE-2024-50345 LOW
symfony/http-foundation < 5.4.46 - Open Redirect via URI Parsing Discrepancy
CVSS 3.1
CVE-2024-48463 MEDIUM
Bruno < 1.29.1 - Open Redirect via Markdown Docs Viewer
CVSS 6.5
CVE-2024-25566 MEDIUM
ForgeRock Access Management < 7.0.2 - Open Redirect via Improper URL Validation
CVSS 6.1
CVE-2024-42930 MEDIUM
pbootcms 3.2.8 - Open Redirect
CVSS 6.1
CVE-2024-50463 MEDIUM
Sunshine Photo Cart <= 3.2.9 - Open Redirect
CVSS 4.7
CVE-2024-49682 MEDIUM
Simple Membership <= 4.5.3 - Open Redirect
CVSS 4.7
CVE-2024-46326 MEDIUM
Public Knowledge Project pkp-lib <3.4.0-7 - Open Redirect
CVSS 6.1
CVE-2024-47353 MEDIUM
QuomodoSoft ElementsReady <6.4.2 - Open Redirect
CVSS 4.7
CVE-2024-47648 MEDIUM
EventPrime <4.0.4.5 - Open Redirect
CVSS 4.7
CVE-2024-47354 MEDIUM
Simple Membership After Login Redirection <= 1.6 - Open Redirect
CVSS 4.7
CVE-2024-43543 MEDIUM
Windows Mobile Broadband Driver - Remote Code Execution
CVSS 6.8
CVE-2024-43536 MEDIUM
Windows 10/11 Mobile Broadband Driver RCE (1809-23H2)
CVSS 6.8
CVE-2024-46886 MEDIUM
SIMATIC Drive Controller and ET 200SP CPU - Open Redirect via Web Server Input
CVSS 4.7
CVE-2024-45247 MEDIUM
Sonarr < 4.0.9.2244 - Open Redirect
CVSS 6.1
CVE-2024-47646 MEDIUM
Payflex Payment Gateway <2.6.1 - Open Redirect
CVSS 4.7
CVE-2024-43683 MEDIUM
Microchip TimeProvider 4100 Firmware 1.0-2.4.6 - Open Redirect via HTTP Headers
CVSS 6.1
CVE-2024-8148 MEDIUM
Esri Portal for ArcGIS <11.2 - Open Redirect
CVSS 6.1
CVE-2024-38037 MEDIUM
Esri Portal for ArcGIS <11.0 - Open Redirect
CVSS 6.1