CWE-601

Low likelihood

URL Redirection to Untrusted Site ('Open Redirect')

Parent: CWE-610 - Externally Controlled Reference to a Resource in Another Sphere

The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.

1,530 vulnerabilities with CWE-601
CVE-2021-22141 MEDIUM
Kibana < 6.8.16 - Open Redirect via Malicious URL
CVSS 6.1
CVE-2021-29864 MEDIUM
IBM Security Identity Manager 6.0 and 6.0.2 - Open Redirect
CVSS 6.1
CVE-2021-28861 HIGH
Python 3.0.0-3.10 - Open Redirect via URI Path
CVSS 7.4
CVE-2021-3639 MEDIUM
mod_auth_mellon < 0.18.0 - Open Redirect via Unsanitized Logout URL
CVSS 6.1
CVE-2021-23385 MEDIUM
Flask-Security - Open Redirect via Backslash URL Validation Bypass
CVSS 5.4
CVE-2021-44054 MEDIUM
QNAP QTS 4.3.3-5.0.0, QuTS hero <4.5.4.1771, QuTScloud <5.0.1.1998 - Open Redirect
CVSS 4.3
CVE-2021-25111 MEDIUM
WordPress Admin <1.5.2 - Open Redirect
CVSS 6.1
CVE-2021-32478 MEDIUM
Moodle < 3.8.9, 3.9-3.9.6, 3.10-3.10.3 - Open Redirect via LTI Authorization Endpoint
CVSS 6.1
CVE-2021-41180 MEDIUM
Nextcloud talk <12.1.2 - Open Redirect
CVSS 4.7
CVE-2021-46379 MEDIUM
DLink DIR850 ET850-1.08TRb03 - Open Redirect
CVSS 6.1
CVE-2021-3654 MEDIUM
OpenStack Nova < 21.2.3 - Open Redirect via noVNC Console Proxy
CVSS 6.1
CVE-2021-23495 MEDIUM
karma < 6.3.16 - Open Redirect via return_url Query Parameter
CVSS 5.4
CVE-2021-29217 MEDIUM
HPE OneView Global Dashboard < 2.5 - URL Redirection to Untrusted Site
CVSS 6.1
CVE-2021-25033 MEDIUM
WordPress Newsletter Plugin <1.6.5 - Open Redirect
CVSS 6.1
CVE-2021-46366 HIGH
Magnolia CMS <6.2.3 - CSRF, Open Redirect
CVSS 8.8
CVE-2021-45328 MEDIUM
Gitea < 1.4.3 - Open Redirect via Internal URLs
CVSS 6.1
CVE-2021-45408 MEDIUM
SeedDMS 6.0.15 - Open Redirect via Referuri Parameter
CVSS 6.1
CVE-2021-25074 MEDIUM
WebP Converter for Media <4.0.3 - Open Redirect
CVSS 6.1
CVE-2021-25028 MEDIUM
Event Tickets WordPress Plugin < 5.2.2 - Open Redirect via tribe_tickets_redirect_to Parameter
CVSS 6.1
CVE-2021-24838 MEDIUM
AnyComment WordPress <0.3.5 - Open Redirect
CVSS 6.1
CVE-2021-38678 MEDIUM
QNAP QcalAgent <1.1.7 - Open Redirect
CVSS 6.1
CVE-2021-44528 MEDIUM
Rails Action Pack >=6.0.0 <6.0.4.2 - Open Redirect via X-Forwarded-Host Header
CVSS 6.1
CVE-2021-20875 MEDIUM
GroupSession Free/Z/ByCloud <5.1.1 - Open Redirect
CVSS 6.1
CVE-2021-40852 MEDIUM
TCMAN GIM - Open Redirect
CVSS 6.1
CVE-2021-43812 MEDIUM
Auth0 Next.js SDK <1.6.2 - Open Redirect
CVSS 6.4