CWE-601

Low likelihood

URL Redirection to Untrusted Site ('Open Redirect')

Parent: CWE-610 - Externally Controlled Reference to a Resource in Another Sphere

The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.

1,526 vulnerabilities with CWE-601
CVE-2023-23395 LOW
Microsoft SharePoint Server - URL Redirection to Untrusted Site
CVSS 3.1
CVE-2023-24735 MEDIUM
PMB v7.4.6 - Open Redirect via /opac_css/pmb.php
CVSS 6.1
CVE-2023-22432 MEDIUM
web2py < 2.23.1 - Open Redirect via Crafted URL
CVSS 6.1
CVE-2023-27292 MEDIUM
OpenCATS - Open Redirect via GET Parameter
CVSS 5.4
CVE-2023-23860 MEDIUM
SAP NetWeaver AS for ABAP and ABAP Platform - Open Redirect
CVSS 6.1
CVE-2023-23855 MEDIUM
SAP Solution Manager 720 - Open Redirect
CVSS 6.5
CVE-2023-23853 MEDIUM
SAP NetWeaver Application Server for ABAP and ABAP Platform - CSRF
CVSS 6.1
CVE-2023-22798 MEDIUM
brave/adblock-lists < 2022-05-25 - Open Redirect via Debouncing Feature
CVSS 6.1
CVE-2023-22797 MEDIUM
Actionpack < 7.0.4.1 - Open Redirect
CVSS 6.1
CVE-2023-0748 MEDIUM
btcpayserver < 1.7.6 - Open Redirect
CVSS 6.4
CVE-2023-22418 MEDIUM
BIG-IP APM 13.1.0-13.1.5, 14.1.0-14.1.5.3, 15.1.0-15.1.7, 16.1.0-16.1.3.3, 17.0.0-17.0.0.2 - Open Redirect
CVSS 6.1
CVE-2023-24445 MEDIUM
Jenkins OpenID Plugin <2.4 - Open Redirect
CVSS 6.1
CVE-2023-24044 MEDIUM
Plesk Obsidian <18.0.49 - Host Header Injection
CVSS 6.1
CVE-2023-22298 MEDIUM
pgAdmin 4 < 6.14 - Unauthenticated Open Redirect via Crafted URL
CVSS 6.1
CVE-2023-0042 MEDIUM
GitLab CE/EE <15.5.7-15.7.2 - Open Redirect
CVSS 6.1
CVE-2023-22958 MEDIUM
Syracom Secure Login < 3.1.1.0 - Open Redirect via PIN Validation Target Parameter
CVSS 6.1
CVE-2022-20634 MEDIUM
Cisco Enterprise Chat and Email < 12.6(1)es1 - Unauthenticated Open Redirect via URL Parameter
CVSS 4.7
CVE-2022-36029 CRITICAL
Greenlight < 2.13.0 - Open Redirect via Login Page Return Cookie
CVSS 9.1
CVE-2022-36028 CRITICAL
Greenlight < 2.13.0 - Open Redirect via Login Page return_to Cookie
CVSS 9.1
CVE-2022-45169 MEDIUM
LIVEBOX Collaboration vDesk < 031 - Authenticated Open Redirect via Push Notification
CVSS 5.4
CVE-2022-45582 MEDIUM
OpenStack Horizon 19.4.0-20.1.4 - Open Redirect via success_url Parameter
CVSS 6.1
CVE-2022-44215 MEDIUM
Titan FTP Server <19.0 - Open Redirect
CVSS 6.1
CVE-2022-27861 MEDIUM
Arscode Ninja Popups <= 4.7.5 - Unauthenticated Open Redirect
CVSS 4.7
CVE-2022-46407 MEDIUM
Ericsson Network Manager <22.2 - Open Redirect
CVSS 4.8
CVE-2022-4946 MEDIUM
Frontend Post WordPress Plugin < 2.8.4 - Open Redirect via Shortcode Attribute
CVSS 5.4