CWE-601

Low likelihood

URL Redirection to Untrusted Site ('Open Redirect')

Parent: CWE-610 - Externally Controlled Reference to a Resource in Another Sphere

The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.

1,530 vulnerabilities with CWE-601

CVE-2022-0165 (MEDIUM, CVSS 6.1): WordPress KingComposer <2.9.6 - Open Redirect
CVE-2022-24739 (HIGH, CVSS 7.3): alltube <3.0.3 - SSRF/Open Redirect
CVE-2022-0697 (MEDIUM, CVSS 6.1): archivy/archivy <1.7.0 - Open Redirect
CVE-2022-0868 (MEDIUM, CVSS 6.1): uri.js < 1.19.10 - Open Redirect
CVE-2022-0869 (MEDIUM, CVSS 6.1): spirit < 0.12.3 - Open Redirect
CVE-2022-26158 (MEDIUM, CVSS 6.1): Cherwell Service Mgmt <10.2.3 - Open Redirect
CVE-2022-26156 (MEDIUM, CVSS 6.1): Cherwell Service Management (CSM) 10.2.3 - Command Injection
CVE-2022-24330 (MEDIUM, CVSS 6.1): JetBrains TeamCity <2021.2.1 - Open Redirect
CVE-2022-0692 (MEDIUM, CVSS 6.1): Rudloff/alltube <3.0.1 - Open Redirect
CVE-2022-25196 (MEDIUM, CVSS 5.4): Jenkins GitLab Authentication Plugin < 1.13 - Open Redirect via HTTP Referer Header
CVE-2022-0597 (MEDIUM, CVSS 6.1): Packagist microweber/microweber <1.2.11 - Open Redirect
CVE-2022-0560 (MEDIUM, CVSS 6.1): Packagist microweber/microweber <1.2.11 - Open Redirect
CVE-2022-23618 (MEDIUM, CVSS 4.7): XWiki < 12.10.6 and 12.10.7 - URL Redirection to Untrusted Site via xredirect Parameter
CVE-2022-23102 (MEDIUM, CVSS 6.1): SINEMA Remote Connect Server < 2.0 - Open Redirect
CVE-2022-23184 (MEDIUM, CVSS 6.1): Octopus Deploy 0.9-4.1.9 and Octopus Server 2021.2.0-2021.2.8010 - Open Redirect via Localhost Binding
CVE-2022-22919 (MEDIUM, CVSS 6.1): Adenza AxiomSL ControllerView <= 10.8.1 - Open Redirect via SSO Login URL
CVE-2022-23599 (MEDIUM, CVSS 4.3): Plone < 3.0.6 - Open Redirect via Cached image_view_fullscreen Page
CVE-2022-0235 (MEDIUM, CVSS 6.1): node-fetch < 2.6.7 and >=3.0.0 <3.1.1 - Open Redirect via URL Validation Bypass
CVE-2022-0122 (MEDIUM, CVSS 6.1): forge < 1.0.0 - URL Redirection to Untrusted Site
CVE-2022-21651 (MEDIUM, CVSS 6.8): Shopware 5.0.0-5.7.6 - Open Redirect via Incomplete URL Handling
CVE-2021-46898 (MEDIUM, CVSS 6.1): Django Grappelli <2.15.2 - Open Redirect
CVE-2021-36580 (MEDIUM, CVSS 6.1): IceWarp MailServer <13.0.1.2 - Open Redirect
CVE-2021-39425 (MEDIUM, CVSS 6.1): SeedDMS 6.0.15 - Open Redirect via Crafted Links
CVE-2021-4348 (HIGH, CVSS 7.5): Ultimate GDPR & CCPA <2.4 - Unauthenticated RCE
CVE-2021-4260 (MEDIUM, CVSS 6.3): oils-js < 2021-03-23 - Open Redirect in Web.js