CWE-601

Exploit likelihood: Low

URL Redirection to Untrusted Site ('Open Redirect')

Parent: CWE-610 - Externally Controlled Reference to a Resource in Another Sphere

The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.

1,526 vulnerabilities with CWE-601
CVE-2023-32068 MEDIUM
XWiki Platform < 14.10.4 - Open Redirect via URL Parameter Manipulation
CVSS 4.7
CVE-2023-25829 MEDIUM
Esri Portal for ArcGIS <= 11.0 - Unauthenticated Open Redirect
CVSS 6.1
CVE-2023-31134 MEDIUM
Tauri <1.0.9, <1.1.4, <1.2.5 - SSRF
CVSS 4.8
CVE-2023-0155 MEDIUM
GitLab CE/EE <15.8.5-15.10.1 - Open Redirect
CVSS 5.4
CVE-2023-2000 MEDIUM
Mattermost Desktop App < 5.2.2 - Open Redirect via Server Redirection
CVSS 5.4
CVE-2023-22729 MEDIUM
Silverstripe Framework < 4.12.15 - Open Redirect via Login Screen Link
CVSS 5.4
CVE-2023-26494 MEDIUM
lorawan-stack <3.24.1 - Open Redirect
CVSS 6.1
CVE-2023-29204 MEDIUM
XWiki 6.0-13.10.9 - Open Redirect via URL Scheme Omission
CVSS 4.7
CVE-2023-24935 MEDIUM
Microsoft Edge Chromium < 112.0.5615.49 - Authentication Bypass by Spoofing
CVSS 6.1
CVE-2023-22641 MEDIUM
FortiProxy 1.0.0-1.2.x and 2.0.0-2.0.11 - Authenticated Open Redirect
CVSS 4.1
CVE-2023-28069 MEDIUM
Dell Streaming Data Platform < 1.4 - Unauthenticated Open Redirect
CVSS 6.1
CVE-2023-28628 MEDIUM
lambdaisland/uri <1.14.120 - Info Disclosure
CVSS 5.4
CVE-2023-22266 MEDIUM
Experience Manager <6.5.15.0 - Open Redirect
CVSS 5.4
CVE-2023-22265 MEDIUM
Experience Manager <6.5.15.0 - Open Redirect
CVSS 5.4
CVE-2023-22264 MEDIUM
Experience Manager <6.5.15.0 - Open Redirect
CVSS 5.4
CVE-2023-22263 MEDIUM
Experience Manager <6.5.15.0 - Open Redirect
CVSS 5.4
CVE-2023-22262 MEDIUM
Experience Manager <6.5.15.0 - Open Redirect
CVSS 5.4
CVE-2023-22261 MEDIUM
Experience Manager <6.5.15.0 - Open Redirect
CVSS 5.4
CVE-2023-22260 MEDIUM
Experience Manager <6.5.15.0 - Open Redirect
CVSS 5.4
CVE-2023-22259 MEDIUM
Experience Manager <6.5.15.0 - Open Redirect
CVSS 5.4
CVE-2023-22258 MEDIUM
Experience Manager <6.5.15.0 - Open Redirect
CVSS 5.4
CVE-2023-22257 MEDIUM
Experience Manager <6.5.15.0 - Open Redirect
CVSS 5.4
CVE-2023-22256 MEDIUM
Experience Manager <6.5.15.0 - Open Redirect
CVSS 5.4
CVE-2023-0681 MEDIUM
Rapid7 InsightVM < 6.6.179 - Open Redirect via 'page' Parameter
CVSS 4.3
CVE-2023-24892 HIGH
Microsoft Edge Chromium < 111.0.1661.41 - Authentication Bypass by Spoofing via Webview2
CVSS 8.2