CWE-601

Exploit likelihood: Low

URL Redirection to Untrusted Site ('Open Redirect')

Parent: CWE-610 - Externally Controlled Reference to a Resource in Another Sphere

The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.

1,513 vulnerabilities with CWE-601
CVE-2024-27184 MEDIUM
Joomla 3.4.6-3.10.17 and 4.0-4.4.7 - Open Redirect
CVSS 6.1
CVE-2024-6377 HIGH
3DPassport <3DEXPERIENCE R2024x - Open Redirect
CVSS 8.1
CVE-2024-43280 MEDIUM
Salon Booking System <10.8.1 - Open Redirect
CVSS 4.7
CVE-2024-43236 MEDIUM
Scott Paterson Easy PayPal Buy Now Button - Open Redirect
CVSS 4.7
CVE-2024-7902 MEDIUM
Open Journal Systems < 3.4.0-6 - Open Redirect via Login SignOut Source Parameter
CVSS 4.3
CVE-2024-42353 MEDIUM
WebOb < 1.8.8 - Open Redirect via URL Parsing Hostname Override
CVSS 6.1
CVE-2024-38211 HIGH
Microsoft Dynamics 365 (on-premises) - XSS
CVSS 8.2
CVE-2024-7211 MEDIUM
1E Platform - Open Redirect via Duende Identity Server
CVSS 4.7
CVE-2024-41955 MEDIUM
Mobile Security Framework < 4.0.5 - Open Redirect in Authentication View
CVSS 5.2
CVE-2024-39694 MEDIUM
Duende IdentityServer 6.0.0-6.0.4, 6.1.0-6.1.7, 6.2.0-6.2.4, 6.3.0-6.3.9, 7.0.0-7.0.5 - Open Redirect
CVSS 4.7
CVE-2024-41801 MEDIUM
OpenProject < 14.3.0 - Open Redirect via Forged HOST Header
CVSS 4.7
CVE-2024-21684 MEDIUM
Bitbucket Data Center 8.0.0-8.9.12 and 8.19.0-8.19.1 - Unauthenticated Open Redirect
CVSS 4.3
CVE-2024-20400 MEDIUM
Cisco Expressway Series - Open Redirect
CVSS 4.7
CVE-2024-6289 MEDIUM
WPS Hide Login <1.9.16.4 - Auth Bypass
CVSS 6.1
CVE-2024-6149 MEDIUM
Citrix Workspace app for HTML5 - Open Redirect
CVSS 6.1
CVE-2024-5492 MEDIUM
Citrix NetScaler ADC and Gateway 12.1-12.1-55.304, 13.0-13.0-92.31 - Unauthenticated Open Redirect
CVSS 6.1
CVE-2024-37830 MEDIUM
Outline <= 0.76.1 - Open Redirect via State Cookie Manipulation
CVSS 6.1
CVE-2024-4882 MEDIUM
Sitefinity <15.1.8321.0 - Open Redirect
CVE-2024-37234 LOW
Kodezen Limited Academy LMS - Open Redirect
CVSS 3.5
CVE-2024-5936 MEDIUM
privategpt 0.5.0 - Open Redirect via File Parameter
CVSS 6.1
CVE-2024-4704 MEDIUM
Contact Form 7 < 5.9.5 - Open Redirect via False URL
CVSS 6.1
CVE-2024-4604 MEDIUM
Magarsus Consultancy SSO <1.1 - Open Redirect
CVSS 6.1
CVE-2024-37141 LOW
Dell PowerProtect DD < 7.7.5.40 - URL Redirection to Untrusted Site
CVSS 3.5
CVE-2024-24764 LOW
October CMS <3.5.15 - Open Redirect
CVSS 3.5
CVE-2024-4900 MEDIUM
SEOPress < 7.8 - Open Redirect via Post Settings
CVSS 6.1