CWE-601

Low likelihood

URL Redirection to Untrusted Site ('Open Redirect')

Parent: CWE-610 - Externally Controlled Reference to a Resource in Another Sphere

The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.

1,529 vulnerabilities with CWE-601
CVE-2022-44560 MEDIUM
Huawei EMUI and HarmonyOS - Intent Redirection in Launcher Module
CVSS 5.3
CVE-2022-41215 MEDIUM
SAP NetWeaver ABAP Server and ABAP Platform - Unauthenticated Open Redirect via Insufficient URL Validation
CVSS 4.7
CVE-2022-41207 MEDIUM
SAP Biller Direct - Unauthenticated Open Redirect via Unsanitized Parameter
CVSS 6.1
CVE-2022-43985 MEDIUM
Apache Airflow <2.4.2 - Open Redirect
CVSS 6.1
CVE-2022-3797 MEDIUM
eolink apinto-dashboard - Open Redirect via Login Callback Parameter
CVSS 6.3
CVE-2022-28763 HIGH
Zoom Client for Meetings <5.12.2 - SSRF
CVSS 8.8
CVE-2022-39021 MEDIUM
U-Office Force < 20.50.7821d - Unauthenticated Open Redirect via Login Function
CVSS 6.1
CVE-2022-39359 MEDIUM
Metabase 0.41.0-0.41.8 - Open Redirect via GeoJSON Map URL
CVSS 6.5
CVE-2022-38197 MEDIUM
Esri ArcGIS Server <10.9.1 - Open Redirect
CVSS 6.1
CVE-2022-26954 MEDIUM
NopCommerce 4.10-4.50.1 - Open Redirect
CVSS 6.1
CVE-2022-41204 HIGH
SAP Commerce -2005-2105-2011-2205 - Open Redirect
CVSS 8.8
CVE-2022-3438 MEDIUM
ikus-soft rdiffweb < 2.5.0a4 - Open Redirect
CVSS 6.1
CVE-2022-40083 CRITICAL
Labstack Echo < 4.9.0 - Open Redirect via Static Handler
CVSS 9.6
CVE-2022-39258 HIGH
mailcow < 2022-09 - Open Redirect via Spoofed Swagger Authorize Link
CVSS 8.1
CVE-2022-28977 MEDIUM
Liferay Portal 7.3.1-7.4.2 & DXP - Open Redirect
CVSS 6.1
CVE-2022-40754 MEDIUM
Apache Airflow 2.3.0-2.3.4 - Open Redirect via Confirm Endpoint
CVSS 6.1
CVE-2022-31735 MEDIUM
OpenAM Consortium Edition 14.0.0 - Open Redirect via Crafted URL
CVSS 6.1
CVE-2022-39814 MEDIUM
NOKIA 1350 OMS R14.2 - URL Redirection to Untrusted Site via Login Page Next Parameter
CVSS 6.1
CVE-2022-25295 MEDIUM
gophish < 0.12.0 - Open Redirect via Next Query Parameter
CVSS 5.4
CVE-2022-36087 MEDIUM
oauthlib 3.1.1-3.2.1 - Open Redirect via URI Validation Bypass
CVSS 5.7
CVE-2022-38131 MEDIUM
RStudio Connect <2023.01.0 - Open Redirect
CVSS 6.1
CVE-2022-27547 MEDIUM
HCL iNotes - Open Redirect via Non-Existent Domain Link
CVSS 6.1
CVE-2022-25799 MEDIUM
CERT/CC VINCE < 1.50.0 - Authenticated Open Redirect via Crafted URL
CVSS 6.1
CVE-2022-35953 HIGH
BookWyrm < 0.4.5 - Open Redirect via Tabnabbing
CVSS 7.1
CVE-2022-28755 CRITICAL
Zoom Client for Meetings < 5.11.0 - URL Redirection to Untrusted Site via Malicious Meeting URL
CVSS 9.6