CWE-601

Exploit likelihood: Low

URL Redirection to Untrusted Site ('Open Redirect')

Parent: CWE-610 - Externally Controlled Reference to a Resource in Another Sphere

The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.

1,513 vulnerabilities with CWE-601
CVE-2024-4940 MEDIUM
gradio - Open Redirect via Improper URL Validation
CVSS 6.1
CVE-2024-3597 HIGH
Export WP Page to Static HTML/CSS <2.2.2 - Open Redirect
CVSS 7.1
CVE-2024-37881 MEDIUM
SiteGuard WP Plugin <1.7.7 - Info Disclosure
CVSS 5.3
CVE-2024-23442 MEDIUM
Kibana < 7.17.22 - Open Redirect via Maliciously Crafted URL
CVSS 6.1
CVE-2024-3032 MEDIUM
Themify Builder < 7.5.8 - Open Redirect via Unvalidated Parameter
CVSS 6.1
CVE-2024-34065 HIGH
Strapi < 4.24.2 - Unauthenticated Authentication Bypass via Open Redirect and Session Token Exposure
CVSS 7.1
CVE-2024-22244 MEDIUM
Harbor <=2.8.4-2.10.0 - Open Redirect
CVSS 4.3
CVE-2024-36419 MEDIUM
SuiteCRM <8.6.1 - Host Header Injection
CVSS 4.3
CVE-2024-36406 MEDIUM
SuiteCRM <7.14.4-8.6.1 - Open Redirect
CVSS 5.4
CVE-2024-23664 MEDIUM
FortiAuthenticator 6.4.0-6.4.9, 6.5.0-6.5.3, 6.6.0 - Open Redirect via Crafted URL
CVSS 6.1
CVE-2024-34071 MEDIUM
Umbraco CMS 8.18.5-8.18.14 - Authenticated Open Redirect
CVSS 6.1
CVE-2024-20369 MEDIUM
Cisco Crosswork NSO - Open Redirect
CVSS 4.7
CVE-2024-4773 HIGH
Firefox < 126.0 - URL Spoofing via Network Error Page Load
CVSS 7.5
CVE-2024-4445 MEDIUM
WP Compress - Image Optimizer [All-In-One] <6.20.01 - Info Disclosure
CVSS 6.5
CVE-2024-34074 MEDIUM
Frappe <15.26.0-14.74.0 - Open Redirect
CVSS 6.1
CVE-2024-4133 MEDIUM
ARMember - Membership Plugin < 4.0.30 - Unauthenticated Open Redirect via redirect_to Parameter
CVSS 6.1
CVE-2024-33930 MEDIUM
ILLID Share This Image <1.97 - Open Redirect
CVSS 4.7
CVE-2024-25676 MEDIUM
ViewerJS 0.5.8 - Open Redirect via URL Tag
CVSS 4.7
CVE-2024-26504 HIGH
Wifire Hotspot 4.5.3 - Open Redirect via dst Parameter
CVSS 8.8
CVE-2024-33584 MEDIUM
Video Conferencing with Zoom <4.4.4 - Open Redirect
CVSS 4.7
CVE-2024-33661 CRITICAL
Portainer < 2.20.0 - Open Redirect via Non-Index.YAML Target
CVSS 9.1
CVE-2024-32078 MEDIUM
Foliovision FV Flowplayer Video Player <7.5.44.7212 - Open Redirect
CVSS 4.1
CVE-2024-28076 HIGH
SolarWinds Platform < 2024.1.1 - Open Redirect via URL Parameter
CVSS 7.0
CVE-2024-2419 HIGH
Keycloak < 22.0.10 - Open Redirect via redirect_uri Validation Bypass
CVSS 7.1
CVE-2024-21065 MEDIUM
Oracle PeopleSoft Enterprise PeopleTools 8.59-8.61 - Unauthenticated Open Redirect in Workflow
CVSS 6.1