CWE-601

Low likelihood

URL Redirection to Untrusted Site ('Open Redirect')

Parent: CWE-610 - Externally Controlled Reference to a Resource in Another Sphere

The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.

1,526 vulnerabilities with CWE-601
CVE-2024-21794 (MEDIUM, CVSS 5.4): Rapid SCADA < 5.8.4 - Open Redirect via Login Page
CVE-2024-22308 (LOW, CVSS 3.4): Simple Membership <4.4.1 - Open Redirect
CVE-2024-0854 (MEDIUM, CVSS 5.4): Synology DiskStation Manager - Open Redirect
CVE-2024-0781 (LOW, CVSS 3.5): CodeAstro Internet Banking System 1.0 - Open Redirect
CVE-2024-22113 (MEDIUM, CVSS 6.1): Access analysis CGI An-Analyzer <2023 - Open Redirect
CVE-2024-22400 (LOW, CVSS 3.1): Nextcloud <5.1.5-6.0.1 - Open Redirect
CVE-2024-0319 (MEDIUM, CVSS 5.4): FireEye HXTool 4.6 - Open Redirect via redirect_uri Parameter
CVE-2024-0545 (MEDIUM, CVSS 5.3): CodeCanyon RISE Ultimate Project Manager 3.5.3 - Open Redirect
CVE-2024-21734 (LOW, CVSS 3.7): SAP Marketing 160 - URL Redirection to Untrusted Site via Contacts App
CVE-2024-21641 (MEDIUM, CVSS 6.5): Flarum < 1.8.5 - Open Redirect via Logout Route Redirect Parameter
CVE-2023-53901 (MEDIUM, CVSS 5.4): WBCE CMS 1.6.1 - Stored Cross-Site Scripting via CSS Keylogging
CVE-2023-6786 (MEDIUM, CVSS 6.1): Payment Gateway for Telcell < 2.0.4 - Open Redirect via api_url Parameter
CVE-2023-6812 (MEDIUM, CVSS 4.3): WP Compress - Image Optimizer < 6.20.01 - Unauthenticated Open Redirect via CSS Parameter
CVE-2023-34020 (MEDIUM, CVSS 4.7): Uncanny Owl Uncanny Toolkit for LearnDash <3.6.4.3 - Open Redirect
CVE-2023-44308 (MEDIUM, CVSS 6.1): Liferay Digital Experience Platform - Open Redirect via Adaptive Media Administration Page
CVE-2023-5190 (MEDIUM, CVSS 6.1): Liferay DXP 7.4.3.45-7.4.3.101 & 2023.Q3 Open Redirect via Countries Management
CVE-2023-6389 (MEDIUM, CVSS 6.1): WordPress Toolbar <2.2.6 - Open Redirect
CVE-2023-6291 (HIGH, CVSS 7.1): Keycloak < 22.0.7 and 23.0.0-23.0.2 - Open Redirect via redirect_uri Validation Bypass
CVE-2023-50963 (MEDIUM, CVSS 6.5): IBM Storage Defender - Data Protect 1.0.0-1.4.1 - HTTP Header Injection via HOST Header
CVE-2023-3771 (MEDIUM, CVSS 6.1): T1 < 19.0 - Open Redirect
CVE-2023-49394 (MEDIUM, CVSS 6.1): Zentao < 4.1.3 - URL Redirection to Untrusted Site
CVE-2023-6552 (MEDIUM, CVSS 6.1): tasmoadmin < 3.3.0 - Open Redirect via Language Change GET Parameter
CVE-2023-50345 (LOW, CVSS 3.7): HCL DRYiCE MyXalytics - Open Redirect
CVE-2023-26159 (HIGH, CVSS 7.3): follow-redirects < 1.15.4 - URL Redirection to Untrusted Site via Improper Hostname Parsing
CVE-2023-52263 (MEDIUM, CVSS 6.1): Brave Browser < 1.59.40 - Open Redirect via WebUI Factory Schema Handling