CWE-601

Low likelihood

URL Redirection to Untrusted Site ('Open Redirect')

Parent: CWE-610 - Externally Controlled Reference to a Resource in Another Sphere

The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.

1,526 vulnerabilities with CWE-601
CVE-2023-37561 MEDIUM
ELECOM WRH-300WH-H < 2.12, WTC-300HWH < 1.09, WTC-C1167GC-B/W < 1.17 - Open Redirect
CVSS 6.1
CVE-2023-37947 MEDIUM
Jenkins OpenShift Login Plugin < 1.1.0.230.v5d7030b_f5432 - Open Redirect
CVSS 6.1
CVE-2023-3568 MEDIUM
alextselegidis/easyappointments <1.5.0 - Open Redirect
CVSS 6.3
CVE-2023-35934 MEDIUM
yt-dlp <2023.07.06 - Cookie Leakage via Download Redirects and Fragments
CVSS 6.1
CVE-2023-35948 MEDIUM
novu < 0.16 - URL Redirection to Untrusted Site via GitHub OAuth Sign-In
CVSS 5.4
CVE-2023-3515 MEDIUM
go-gitea/gitea <1.19.4 - Open Redirect
CVSS 4.4
CVE-2023-3139 MEDIUM
Protect WP Admin <4.0 - Info Disclosure
CVSS 6.1
CVE-2023-28364 MEDIUM
Brave Browser < 1.52.117 - Open Redirect via QR Scanner
CVSS 6.1
CVE-2023-35171 MEDIUM
Nextcloud Server 26.0.0-26.0.1 - Open Redirect via Crafted URL
CVSS 4.1
CVE-2023-28799 HIGH
Zscaler Client Connector < 1.4, < 1.9.3, < 1.10.1, < 1.10.2, < 3.7, < 3.9 - Open Redirect via Login URL Parameter
CVSS 8.2
CVE-2023-33405 MEDIUM
Blogengine.net <3.3.8.0 - Open Redirect
CVSS 6.1
CVE-2023-34415 MEDIUM
Firefox < 114.0 - Open Redirect via Data URL Redirect Bypass
CVSS 6.1
CVE-2023-24030 MEDIUM
Zimbra Collaboration Suite <9.0, 8.8.15 - Open Redirect
CVSS 6.1
CVE-2023-29307 MEDIUM
Adobe Experience Manager <6.5.16.0 - Open Redirect
CVSS 5.4
CVE-2023-35029 MEDIUM
Liferay DXP 7.4 update 70-76 / Portal 7.4.3.70-76 Open Redirect via SEO BackURL
CVSS 6.1
CVE-2023-34247 MEDIUM
Keystone < 7.0.0 - Open Redirect via Leading Slash Filter Bypass
CVSS 6.1
CVE-2023-32551 MEDIUM
Landscape < 19.10.5 - Open Redirect
CVSS 6.1
CVE-2023-29540 MEDIUM
Firefox and Focus for Android < 112.0 - Open Redirect via sourceMappingUrls
CVSS 6.1
CVE-2023-25734 HIGH
Firefox < 110.0 and Firefox ESR < 102.8 - URL Redirection to Untrusted Site via Windows .url Shortcut
CVSS 8.1
CVE-2023-34224 MEDIUM
JetBrains TeamCity < 2023.05 - Open Redirect via OAuth Configuration
CVSS 4.8
CVE-2023-32218 MEDIUM
Avaya IX Workforce Engagement 15.2.7.1195 - Open Redirect
CVSS 6.1
CVE-2023-23754 MEDIUM
Joomla! 4.2.0-4.3.1 - Open Redirect and Cross-Site Scripting in MFA Selection Screen
CVSS 6.1
CVE-2023-20884 MEDIUM
VMware Identity Manager and Workspace ONE Access - Unauthenticated Open Redirect via Improper Path Handling
CVSS 6.1
CVE-2023-28370 MEDIUM
Tornado < 6.3.2 - Unauthenticated Open Redirect via Crafted URL
CVSS 6.1
CVE-2023-31245 HIGH
Snap One OvrC - Open Redirect
CVSS 7.1
Details
Vulnerabilities 1,526
Exploit Likelihood Low
Links
MITRE CWE Entry Search this CWE With Exploits