CWE-601

Exploit likelihood: Low

URL Redirection to Untrusted Site ('Open Redirect')

Parent: CWE-610 - Externally Controlled Reference to a Resource in Another Sphere

The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.

1,513 vulnerabilities with CWE-601
CVE-2024-22262 HIGH
UriComponentsBuilder - SSRF/Open Redirect
CVSS 8.1
CVE-2024-1183 MEDIUM
gradio 3.41.0-4.10.0 - Server-Side Request Forgery via File Parameter
CVSS 6.5
CVE-2024-32129 MEDIUM
Freshworks Freshdesk <2.3.6 - Open Redirect
CVSS 4.7
CVE-2024-27592 MEDIUM
Corezoid Process Engine <6.5.0 - Open Redirect
CVSS 4.3
CVE-2024-28344 LOW
Sipwise C5 NGCP Dashboard < mr11.5.1 - Open Redirect via Double-Encoded URL Parameter
CVSS 3.1
CVE-2024-31282 MEDIUM
Appcheap App Builder <= 3.8.7 - Open Redirect
CVSS 4.7
CVE-2024-31253 MEDIUM
WP OAuth Server < 4.3.3 - Open Redirect
CVSS 4.7
CVE-2024-31213 LOW
InstantCMS < 2.16.2 - Open Redirect via User Profile Modification
CVSS 3.5
CVE-2024-28287 HIGH
INSTINCT UI Web Client 6.5.0 - Open Redirect
CVSS 7.3
CVE-2024-22248 HIGH
VMware SD-WAN Orchestrator - Open Redirect
CVSS 7.1
CVE-2024-31135 MEDIUM
JetBrains TeamCity < 2024.03 - Open Redirect on Login Page
CVSS 6.1
CVE-2024-29041 MEDIUM
Express.js < 4.19.2 - Open Redirect via Malformed URL Bypass
CVSS 6.1
CVE-2024-2465 HIGH
CDeX < 5.71 - Open Redirect via Crafted URL
CVSS 7.1
CVE-2024-27291 MEDIUM
Docassemble <1.4.97 - Open Redirect
CVSS 6.1
CVE-2024-24818 MEDIUM
EspoCRM < 8.1.2 - Open Redirect via Password Change Page
CVSS 5.9
CVE-2024-0337 MEDIUM
Travelpayouts WordPress plugin < 1.1.17 - Unauthenticated Open Redirect
CVSS 6.1
CVE-2024-25657 MEDIUM
AVSystem UMP <23.07.0.16567~LTS - Open Redirect
CVSS 5.4
CVE-2024-22259 HIGH
Spring Framework - Open Redirect/SSRF
CVSS 8.1
CVE-2024-28239 MEDIUM
Directus < 10.10.0 - Open Redirect via Auth API Redirect Parameter
CVSS 5.4
CVE-2024-28113 LOW
Peering Manager <=1.8.2 - Open Redirect via Crafted URL
CVSS 3.5
CVE-2024-1227 MEDIUM
Rejetto Http File Server 2.2a build 124 - Open Redirect
CVSS 6.5
CVE-2024-22891 CRITICAL
nteract 0.28.0 - Remote Code Execution via Markdown Link
CVSS 9.8
CVE-2024-21723 MEDIUM
Joomla! 1.5.0-3.10.14 - Open Redirect via URL Parsing
CVSS 4.3
CVE-2024-22243 HIGH
UriComponentsBuilder - Open Redirect
CVSS 8.1
CVE-2024-24763 MEDIUM
JumpServer < 3.10.0 - Open Redirect
CVSS 4.3