CWE-601

Exploit likelihood: Low

URL Redirection to Untrusted Site ('Open Redirect')

Parent: CWE-610 - Externally Controlled Reference to a Resource in Another Sphere

The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.

1,529 vulnerabilities with CWE-601
CVE-2022-22797 MEDIUM
SysAid < 22.1.50 and < 22.1.64 - Open Redirect via CommunitySSORedirect.jsp redirectURL Parameter
CVSS 4.6
CVE-2022-1209 MEDIUM
Ultimate Member <2.3.1 - Open Redirect
CVSS 4.3
CVE-2022-20794 MEDIUM
Cisco TelePresence CE/RoomOS - DoS, Info Disclosure, Open Redirect
CVSS 6.5
CVE-2022-20764 MEDIUM
Cisco TelePresence CE/RoomOS - DoS, Info Disclosure, Open Redirect
CVSS 6.5
CVE-2022-27461 MEDIUM
nopCommerce < 4.50.1 - Open Redirect via Crafted Authentication Link
CVSS 6.1
CVE-2022-26326 MEDIUM
NetIQ Access Manager <5.0.2 - Open Redirect
CVSS 4.0
CVE-2022-24887 MEDIUM
Nextcloud Talk < 11.3.4, 12.2.2, 13.0.0 - Open Redirect via Deck Card Metadata
CVSS 4.3
CVE-2022-1254 MEDIUM
McAfee Web Gateway < 7.8.2.31 - Open Redirect
CVSS 6.1
CVE-2022-24858 MEDIUM
next-auth < 3.29.2 and 4.0.0-4.3.1 - Authentication Bypass via Redirect Callback
CVSS 6.1
CVE-2022-1019 MEDIUM
WebCtrl Server < 7.0 - Open Redirect via Help Index Page
CVSS 5.2
CVE-2022-0645 MEDIUM
PostHog < 1.34.1 - Open Redirect via authorize_and_redirect Endpoint
CVSS 6.1
CVE-2022-27256 MEDIUM
Hubzilla < 7.2 - Local File Inclusion via Redbasic Theme Schema Parameter
CVSS 6.1
CVE-2022-28215 MEDIUM
SAP NetWeaver ABAP Server and ABAP Platform 740, 750, 787 - Unauthenticated Open Redirect
CVSS 4.7
CVE-2022-27110 MEDIUM
OrangeHRM 4.10 - Open Redirect via Host Header Injection in viewPersonalDetails Endpoint
CVSS 5.4
CVE-2022-27109 MEDIUM
OrangeHRM 4.10 - Open Redirect via Referer Header Injection
CVSS 5.4
CVE-2022-27463 MEDIUM
WWBN AVideo < 11.6 - Open Redirect via Login Endpoint
CVSS 6.1
CVE-2022-1233 MEDIUM
URI.js <1.19.11 - URL Confusion When Scheme Is Missing
CVSS 6.1
CVE-2022-24794 HIGH
auth0 express_openid_connect < 2.7.2 - Open Redirect via Unsanitized Original URL
CVSS 7.5
CVE-2022-23798 MEDIUM
Joomla! 2.5.0-3.10.6 & 4.0.0-4.1.0 - Open Redirect via URL Validation Bypass
CVSS 6.1
CVE-2022-26950 MEDIUM
RSA Archer 6.1.0.0-6.9.0.2 - Unauthenticated Open Redirect
CVSS 5.4
CVE-2022-0283 MEDIUM
GitLab < 14.5.4 - Open Redirect via Jira Integration
CVSS 4.7
CVE-2022-24776 MEDIUM
Flask-AppBuilder < 3.4.5 - Open Redirect via Database Authentication Login Page
CVSS 6.1
CVE-2022-1058 MEDIUM
Gitea < 1.16.5 - Open Redirect via Login
CVSS 6.1
CVE-2022-27090 MEDIUM
Cscms Music Portal System v4.2 - Open Redirect via backurl Parameter
CVSS 5.4
CVE-2022-0165 MEDIUM
WordPress KingComposer <2.9.6 - Open Redirect
CVSS 6.1