CWE-601

Low likelihood

URL Redirection to Untrusted Site ('Open Redirect')

Parent: CWE-610 - Externally Controlled Reference to a Resource in Another Sphere

The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.

1,513 vulnerabilities with CWE-601
CVE-2024-25609 MEDIUM
Liferay Portal 7.2.0-7.4.3.12 & DXP - Open Redirect
CVSS 6.1
CVE-2024-25608 MEDIUM
Liferay Portal - Open Redirect
CVSS 6.1
CVE-2024-21497 MEDIUM
greenpau/caddy-security - Open Redirect via redirect_url Parameter
CVSS 5.4
CVE-2024-22854 MEDIUM
Darktrace Threat Visualizer <6.1.27 - Open Redirect
CVSS 6.1
CVE-2024-21728 MEDIUM
osTicky < 2.2.8 - Open Redirect via Base64 URL Parameter
CVSS 6.1
CVE-2024-25559 MEDIUM
a-blog cms 3.1.0-3.1.8 - URL Spoofing via Audit Log Link
CVSS 4.7
CVE-2024-0250 MEDIUM
Analytics Insights for Google Analytics 4 < 6.3 - Unauthenticated Open Redirect via oauth2callback.php
CVSS 6.1
CVE-2024-25715 MEDIUM
Glewlwyd SSO Server 2.0.0-2.7.6 - Open Redirect via redirect_uri Parameter
CVSS 6.1
CVE-2024-24034 MEDIUM
Setorinformatica S.i.l - Open Redirect
CVSS 6.1
CVE-2024-24291 MEDIUM
yzmcms v7.0 - Open Redirect via /member/index/login
CVSS 6.1
CVE-2024-24808 MEDIUM
pyload < 0.5.0 - Open Redirect via Login Redirect Validation
CVSS 4.7
CVE-2024-0953 MEDIUM
Firefox for iOS < 129 - Open Redirect
CVSS 6.1
CVE-2024-21794 MEDIUM
Rapid SCADA < 5.8.4 - Open Redirect via Login Page
CVSS 5.4
CVE-2024-22308 LOW
Simple Membership <4.4.1 - Open Redirect
CVSS 3.4
CVE-2024-0854 MEDIUM
Synology DiskStation Manager - Open Redirect
CVSS 5.4
CVE-2024-0781 LOW
CodeAstro Internet Banking System 1.0 - Open Redirect
CVSS 3.5
CVE-2024-22113 MEDIUM
Access analysis CGI An-Analyzer <2023 - Open Redirect
CVSS 6.1
CVE-2024-22400 LOW
Nextcloud <5.1.5-6.0.1 - Open Redirect
CVSS 3.1
CVE-2024-0319 MEDIUM
FireEye HXTool 4.6 - Open Redirect via redirect_uri Parameter
CVSS 5.4
CVE-2024-0545 MEDIUM
CodeCanyon RISE Ultimate Project Manager 3.5.3 - Open Redirect
CVSS 5.3
CVE-2024-21734 LOW
SAP Marketing 160 - URL Redirection to Untrusted Site via Contacts App
CVSS 3.7
CVE-2024-21641 MEDIUM
Flarum < 1.8.5 - Open Redirect via Logout Route Redirect Parameter
CVSS 6.5
CVE-2023-53901 MEDIUM
WBCE CMS 1.6.1 - Stored Cross-Site Scripting via CSS Keylogging
CVSS 5.4
CVE-2023-6786 MEDIUM
Payment Gateway for Telcell < 2.0.4 - Open Redirect via api_url Parameter
CVSS 6.1
CVE-2023-6812 MEDIUM
WP Compress - Image Optimizer < 6.20.01 - Unauthenticated Open Redirect via CSS Parameter
CVSS 4.3
Details
Vulnerabilities 1,513
Exploit Likelihood Low
Links
MITRE CWE Entry Search this CWE With Exploits