CWE-601

Exploit likelihood: Low

URL Redirection to Untrusted Site ('Open Redirect')

Parent: CWE-610 - Externally Controlled Reference to a Resource in Another Sphere

The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.

1,529 vulnerabilities with CWE-601
CVE-2022-45413 MEDIUM
Firefox < 107.0 - Open Redirect via browser_fallback_url Parameter
CVSS 6.1
CVE-2022-36316 MEDIUM
Firefox < 103.0 - URL Redirection to Untrusted Site via Performance API
CVSS 6.1
CVE-2022-34478 MEDIUM
Firefox < 102.0 and Firefox ESR < 91.11 - URL Redirection to Untrusted Site via ms-msdt, search, and search-ms Protocols
CVSS 6.5
CVE-2022-34474 MEDIUM
Firefox < 102.0 - Open Redirect via Sandboxed Iframe
CVSS 6.1
CVE-2022-29912 MEDIUM
Firefox < 100.0 and Firefox ESR < 91.9 - Open Redirect via Reader Mode
CVSS 6.1
CVE-2022-29910 MEDIUM
Firefox for Android < 100.0 - HSTS Bypass via Improper Persistence
CVSS 6.1
CVE-2022-4644 MEDIUM
ikus060/rdiffweb <2.5.4 - Open Redirect
CVSS 6.1
CVE-2022-44488 LOW
Adobe Experience Manager < 6.5.15.0 and Cloud Service < 2022.10.0 - Authenticated Open Redirect
CVSS 3.5
CVE-2022-47500 MEDIUM
Apache Helix 0.8.0-1.0.4 - Open Redirect in UI Component
CVSS 6.1
CVE-2022-38662 MEDIUM
HCL Digital Experience - Open Redirect
CVSS 6.1
CVE-2022-46288 MEDIUM
DENSHI NYUSATSU CORE SYSTEM <6 R4 - Open Redirect
CVSS 6.1
CVE-2022-4589 MEDIUM
cyface Terms and Conditions Module <2.0.9 - Open Redirect
CVSS 5.5
CVE-2022-23527 MEDIUM
mod_auth_openidc < 2.4.12.2 - Open Redirect via Improper URL Validation
CVSS 4.7
CVE-2022-41275 MEDIUM
SAP Solution Manager - Open Redirect
CVSS 6.1
CVE-2022-41273 MEDIUM
SAP Sourcing & CLM 1100 - Open Redirect
CVSS 4.3
CVE-2022-37927 MEDIUM
HPE OneView Global Dashboard < 2.7 - Open Redirect
CVSS 6.1
CVE-2022-46683 MEDIUM
Jenkins Google Login Plugin <1.7 - Open Redirect
CVSS 6.1
CVE-2022-45917 MEDIUM
ILIAS < 7.16 - Open Redirect
CVSS 6.1
CVE-2022-41559 CRITICAL
TIBCO Nimbus <10.5.0 - Open Redirect
CVSS 9.3
CVE-2022-43479 MEDIUM
SHIRASAGI 1.14.4-1.15.0 - Unauthenticated Open Redirect
CVSS 6.1
CVE-2022-41965 MEDIUM
Opencast < 12.5 - Authenticated Open Redirect via Paella Authentication Page
CVSS 5.7
CVE-2022-38201 MEDIUM
Esri Portal for ArcGIS Quick Capture Web Designer <10.9.1 - Open Re...
CVSS 6.1
CVE-2022-45402 MEDIUM
Apache Airflow < 2.4.3 - Open Redirect via Login Endpoint
CVSS 6.1
CVE-2022-3486 MEDIUM
GitLab 9.3-15.3.5, 15.4-15.4.4, 15.5-15.5.2 - Open Redirect
CVSS 4.7
CVE-2022-3280 LOW
GitLab CE/EE <15.3.5-15.5.2 - Open Redirect
CVSS 3.5