CWE-601

Exploit likelihood: Low

URL Redirection to Untrusted Site ('Open Redirect')

Parent: CWE-610 - Externally Controlled Reference to a Resource in Another Sphere

The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.

1,526 vulnerabilities with CWE-601
CVE-2023-6380 MEDIUM
OpenCMS 14.0.0-15.9.9 - Open Redirect via URI Parameter
CVSS 6.1
CVE-2023-50456 MEDIUM
Zammad < 6.2.0 - Open Redirect via Crafted First or Last Name
CVSS 5.3
CVE-2023-28874 MEDIUM
Seafile 9.0.6 - Open Redirect via Login Next Parameter
CVSS 6.1
CVE-2023-48928 MEDIUM
Franklin Fueling Systems SSA <1.6.24.492 - Open Redirect
CVSS 6.1
CVE-2023-47548 MEDIUM
Integrate Google Drive < 1.3.2 - Open Redirect
CVSS 4.7
CVE-2023-45762 MEDIUM
Responsive Column Widgets < 1.2.7 - Open Redirect
CVSS 4.7
CVE-2023-48325 MEDIUM
PluginOps Landing Page Builder < 1.5.1.5 - Open Redirect
CVSS 4.7
CVE-2023-47779 MEDIUM
CRM Perks Integration for Constant Contact and Contact Form 7, WPForms, Elementor, Ninja Forms <= 1.1.4 - Open Redirect
CVSS 4.7
CVE-2023-49240 HIGH
Huawei EMUI and HarmonyOS - Unauthorized Access in Launcher Module
CVSS 7.5
CVE-2023-46688 MEDIUM
Pleasanter <1.3.47.0 - Open Redirect
CVSS 6.1
CVE-2023-48815 MEDIUM
kkFileView <4.3.0 - Info Disclosure
CVSS 6.1
CVE-2023-49281 MEDIUM
Calendarinho < 2023-10-11 - Open Redirect via Unvalidated URL
CVSS 4.7
CVE-2023-42502 MEDIUM
Apache Superset < 3.0.0 - Authenticated Open Redirect via HTTP Host Header Spoofing
CVSS 4.8
CVE-2023-47168 MEDIUM
Mattermost < 7.8.12 and 9.1.0-9.1.1 - Open Redirect via OAuth Redirect Parameter
CVSS 4.3
CVE-2023-49104 HIGH
owncloud/oauth2 < 0.6.1 - Open Redirect via Subdomain Validation Bypass
CVSS 8.7
CVE-2023-49061 MEDIUM
Firefox for iOS < 120.0 - HTML Template Injection via Reader Mode
CVSS 6.1
CVE-2023-5610 MEDIUM
Seraphinite Accelerator < 2.2.29 - Authenticated Open Redirect
CVSS 5.4
CVE-2023-5445 MEDIUM
McAfee ePolicy Orchestrator < 5.10.0 - Authenticated Open Redirect via Dashboard URL Parameter
CVSS 5.4
CVE-2023-41699 MEDIUM
Payara Server/Micro/Embedded 4.1.2.191-4.1.2.191.46, 5.0.0-5.57.0, 6.0.0-6.8.0, 6.2023.1-6.2023.11 - Open Redirect
CVSS 6.1
CVE-2023-5986 HIGH
EcoStruxure Power Monitoring Expert - Open Redirect via URL-Encoded Input
CVSS 8.2
CVE-2023-45203 MEDIUM
Online Examination System 1.0 - Open Redirect via Login Page q Parameter
CVSS 6.1
CVE-2023-45202 MEDIUM
Online Examination System 1.0 - Open Redirect via Feed.php q Parameter
CVSS 6.1
CVE-2023-45201 MEDIUM
Online Examination System 1.0 - Open Redirect via Admin.php q Parameter
CVSS 6.1
CVE-2023-20264 MEDIUM
Cisco ASA & FTD - Unauthenticated SAML Assertion Hijack via Login URL Manipulation
CVSS 6.1
CVE-2023-20886 HIGH
VMware Workspace ONE UEM 22.3.0.2-22.3.0.48 - Open Redirect via SAML Response
CVSS 8.8