CWE-601

Low likelihood

URL Redirection to Untrusted Site ('Open Redirect')

Parent: CWE-610 - Externally Controlled Reference to a Resource in Another Sphere

The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.

1,529 vulnerabilities with CWE-601
CVE-2022-31657 CRITICAL
VMware Workspace ONE Access and Identity Manager - URL Redirection to Untrusted Site
CVSS 9.8
CVE-2022-31193 HIGH
DSpace 4.0-5.10 and dspace-jspui 4.0-5.11 - Open Redirect via JSPUI Controlled Vocabulary Servlet
CVSS 7.1
CVE-2022-27509 MEDIUM
Citrix Gateway and Application Delivery Controller Firmware 12.1 - Unauthenticated Open Redirect
CVSS 6.1
CVE-2022-30706 MEDIUM
Booked < 3.3.0 - Unauthenticated Open Redirect via Crafted URL
CVSS 6.1
CVE-2022-35652 MEDIUM
Moodle 3.9.0-3.9.14 and 4.0-4.0.1 - Open Redirect via Mobile Auto-Login Feature
CVSS 6.1
CVE-2022-31151 LOW
undici < 5.7.1 - Cookie Header Leakage on Cross-Origin Redirect
CVSS 3.7
CVE-2022-25803 MEDIUM
Request Tracker < 5.0.3 - Open Redirect via Ticket Search
CVSS 6.1
CVE-2022-33712 MEDIUM
Camera <12.0.01.64-12.0.3.23-12.0.0.98-12.0.6.11-12.0.3.19 - Open R...
CVSS 5.3
CVE-2022-35406 MEDIUM
Burp Suite < 2022.6 - URL Redirection to Untrusted Site via Crafted Response
CVSS 4.3
CVE-2022-2250 MEDIUM
GitLab 11.1-14.10.5 15.0-15.0.4 15.1-15.1.1 - Open Redirect
CVSS 4.7
CVE-2022-2252 MEDIUM
microweber < 1.2.19 - Open Redirect
CVSS 6.1
CVE-2022-29272 MEDIUM
Nagios XI <= 5.8.5 - Open Redirect via Login Function
CVSS 6.1
CVE-2022-30562 MEDIUM
Dahua IPC-HDBW2431E-S-S2 Firmware < 2022-04 - Open Redirect via Host Header Injection
CVSS 4.7
CVE-2022-33146 MEDIUM
web2py < 2.22.5 - Open Redirect via Crafted URL
CVSS 6.1
CVE-2022-23078
habitica 4.119.0-4.232.2 - Open Redirect via Login Page
CVE-2022-32444 MEDIUM
u5cms 8.3.5 - URL Redirection to Untrusted Site via loginsave.php
CVSS 6.1
CVE-2022-31040 HIGH
Open Forms <1.0.9-1.1.1 - Open Redirect
CVSS 7.1
CVE-2022-24969 MEDIUM
Apache Dubbo < 2.6.12 and 2.7.0-2.7.14 - Server-Side Request Forgery via parseURL Method
CVSS 6.1
CVE-2022-29718 MEDIUM
Caddy 2.4.0-2.4.9 - Unauthenticated Open Redirect
CVSS 6.1
CVE-2022-23237 MEDIUM
E-Series SANtricity OS Controller 11.0.0-11.70.2 - Open Redirect via Host Header Injection
CVSS 6.1
CVE-2022-29214 MEDIUM
NextAuth.js <3.29.3, <4.3.3 - Open Redirect
CVSS 6.1
CVE-2022-29170 MEDIUM
Grafana 7.4.0-7.5.15 - Open Redirect via Malicious Datasource HTTP Redirect
CVSS 6.6
CVE-2022-1774 MEDIUM
drawio < 18.0.7 - Open Redirect via Untrusted URL
CVSS 6.1
CVE-2022-30992 MEDIUM
Acronis Cyber Protect <15 - Open Redirect
CVSS 6.1
CVE-2022-1702 MEDIUM
SonicWall SMA1000 Series Firmware <= 12.4.1-02965 - Open Redirect via User-Controlled Input
CVSS 6.1