CWE-601

Exploit likelihood: Low

URL Redirection to Untrusted Site ('Open Redirect')

Parent: CWE-610 - Externally Controlled Reference to a Resource in Another Sphere

The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.

1,526 vulnerabilities with CWE-601
CVE-2022-43950 MEDIUM
FortiNAC-F <7.2.0, FortiNAC <9.4.1, 9.2 all, 9.1 all, 8.8 all, 8.7 ...
CVSS 4.3
CVE-2022-46886 MEDIUM
ServiceNow - Open Redirect via Response List Update Functionality
CVSS 5.5
CVE-2022-1230 LOW
Samsung Galaxy S21 Firmware < 4.5.40.5 - Open Redirect via Redirection Handling
CVSS 3.9
CVE-2022-48358 HIGH
Huawei EMUI - URL Redirection to Untrusted Site via BatteryHealthActivity
CVSS 7.4
CVE-2022-2237 MEDIUM
Keycloak Node.js Adapter - Open Redirect via checkSso Function
CVSS 6.1
CVE-2022-37940 MEDIUM
HPE FlexFabric 5700 Switch Series < R2432P61 - URL Redirection via Host Header Injection
CVSS 5.3
CVE-2022-3381 MEDIUM
GitLab <15.7.8-15.9.2 - Open Redirect
CVSS 4.3
CVE-2022-4317 MEDIUM
GitLab DAST analyzer <3.0.51 - SSRF
CVSS 5.0
CVE-2022-2837 MEDIUM
CoreDNS - External TLD Traffic Redirection via Crafted Namespace
CVSS 6.1
CVE-2022-46784 MEDIUM
SquaredUp Dashboard Server SCOM <5.7.1 - Open Redirect
CVSS 6.1
CVE-2022-38779 MEDIUM
Kibana 7.0.0-7.17.9 - Open Redirect via Malicious URL
CVSS 6.1
CVE-2022-0637 MEDIUM
pollbot < 1.4.6 - Open Redirect
CVSS 6.1
CVE-2022-38657 HIGH
Hcltech HCL Leap - Open Redirect via Feedback Action
CVSS 8.2
CVE-2022-28923 MEDIUM
Caddy < 2.5.0-beta.1 - Open Redirect via Crafted URLs
CVSS 6.1
CVE-2022-44718 LOW
NetScout nGeniusONE 6.3.2 build 904 - Authenticated Open Redirect via Crafted Payload
CVSS 3.5
CVE-2022-44717 LOW
NetScout nGeniusONE 6.3.2 build 904 - Open Redirect via Crafted Payload
CVSS 3.1
CVE-2022-43721 MEDIUM
Apache Superset <2.0.0 - Open Redirect
CVSS 5.4
CVE-2022-3145 MEDIUM
Okta OIDC Middleware < 5.0.0 - Open Redirect
CVSS 4.7
CVE-2022-39183 MEDIUM
Moodle SAML Authentication - Open Redirect
CVSS 6.5
CVE-2022-3614 MEDIUM
Octopus Server 3.5-2022.3.10750 - Unauthenticated Open Redirect via AD Sign-In
CVSS 6.1
CVE-2022-38208 MEDIUM
Esri Portal for ArcGIS <11 - Open Redirect
CVSS 6.1
CVE-2022-4720 MEDIUM
rdiffweb < 2.5.5 - Open Redirect
CVSS 6.1
CVE-2022-45413 MEDIUM
Firefox < 107.0 - Open Redirect via browser_fallback_url Parameter
CVSS 6.1
CVE-2022-36316 MEDIUM
Firefox < 103.0 - URL Redirection to Untrusted Site via Performance API
CVSS 6.1
CVE-2022-34478 MEDIUM
Firefox < 102.0 and Firefox ESR < 91.11 - URL Redirection to Untrusted Site via ms-msdt, search, and search-ms Protocols
CVSS 6.5