CWE-601

Low likelihood

URL Redirection to Untrusted Site ('Open Redirect')

Parent: CWE-610 - Externally Controlled Reference to a Resource in Another Sphere

The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.

1,513 vulnerabilities with CWE-601
CVE-2024-9266 MEDIUM
Express 3.4.5-4.0.0 - Open Redirect via Response Object
CVSS 4.7
CVE-2024-47530 MEDIUM
Scout < 4.89 - Open Redirect via Login Next Parameter
CVSS 5.4
CVE-2024-9329 MEDIUM
Eclipse Glassfish < 7.0.17 - Open Redirect via Host HTTP Parameter
CVSS 6.1
CVE-2024-46331 HIGH
ModStartCMS v8.8.0 - Open Redirect via Redirect Parameter
CVSS 7.2
CVE-2024-45981 HIGH
BookReviewLibrary 1.0 - Host Header Injection via Password Reset Link
CVSS 8.8
CVE-2024-45979 HIGH
Lines Police CAD 1.0 - Host Header Injection
CVSS 8.8
CVE-2024-8883 MEDIUM
Red Hat Build of Keycloak - Open Redirect via Misconfigured Valid Redirect URI
CVSS 6.1
CVE-2024-8897 MEDIUM
Firefox for Android < 130.0.1 - Address Bar Spoofing via Open Redirect
CVSS 6.1
CVE-2024-8761 HIGH
Share This Image <2.03 - Open Redirect
CVSS 7.2
CVE-2024-4283 MEDIUM
GitLab EE <17.1.7-17.3.2 - Open Redirect
CVSS 6.4
CVE-2024-4612 MEDIUM
GitLab 12.9.0-17.1.6, 17.2.0-17.2.4, 17.3.0-17.3.1 - Open Redirect via OAuth Flow
CVSS 6.4
CVE-2024-7312 MEDIUM
Payara Server 4.1.2.191.0-4.1.2.191.50, 5.20.0-5.67.0, 6.0.0-6.18.0 - Open Redirect via REST Management Interface
CVSS 6.1
CVE-2024-8646 MEDIUM
Eclipse Glassfish <7.0.10 - Open Redirect
CVSS 6.1
CVE-2024-7260 MEDIUM
Keycloak < 24.0.7 - Open Redirect via Referrer URI Parameter
CVSS 6.1
CVE-2024-8586 MEDIUM
WebITR < 2.1.0.28 - Unauthenticated Open Redirect
CVSS 6.1
CVE-2024-42341 MEDIUM
Loway QueueMetrics 22.11.6-24.05.5 - Open Redirect
CVSS 6.1
CVE-2024-8555 MEDIUM
SourceCodester Clinics Patient Management System 2.0 - Open Redirect
CVSS 4.3
CVE-2024-8412 MEDIUM
LinuxOSsk Shakal-NG <1.3.3 - Open Redirect
CVSS 4.3
CVE-2024-8386 MEDIUM
Firefox < 130, Thunderbird < 128.2 - XSS
CVSS 6.1
CVE-2024-44776 MEDIUM
vtiger CRM v7.4.0 - Open Redirect via Page Parameter
CVSS 6.1
CVE-2024-35133 MEDIUM
IBM Security Verify Access 10.0.0-10.0.8 - Authenticated Open Redirect via OIDC Provider
CVSS 6.8
CVE-2024-7941 MEDIUM
Hitachi Energy MicroSCADA X SYS600 - Open Redirect via HTTP Parameter
CVSS 4.3
CVE-2024-39097 MEDIUM
Gnuboard < 6.0.5 - Open Redirect via Login URL Parameter
CVSS 6.1
CVE-2024-7428 MEDIUM
OpenText Network Node Manager i 2022.11, 2023.05, 23.4, 24.2 - Open Redirect
CVE-2024-43794 MEDIUM
OpenSearch Dashboards Security Plugin <2.16.0 - Open Redirect
CVSS 6.1