CWE-601

Exploit likelihood: Low

URL Redirection to Untrusted Site ('Open Redirect')

Parent: CWE-610 - Externally Controlled Reference to a Resource in Another Sphere

The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.

1,530 vulnerabilities with CWE-601
CVE-2021-3829 MEDIUM
openwhyd < 1.45.3 - Open Redirect
CVSS 6.1
CVE-2021-43532 MEDIUM
Mozilla Firefox < 94 - Authentication Token Leak via Image Link Copy
CVSS 6.1
CVE-2021-43064 MEDIUM
Fortinet FortiWeb <6.4.1 - Open Redirect
CVSS 4.3
CVE-2021-36191 MEDIUM
Fortinet FortiWeb <6.4.1-6.3.15 - Open Redirect
CVSS 4.1
CVE-2021-4000 MEDIUM
showdoc - Open Redirect via Untrusted URL
CVSS 6.1
CVE-2021-3989 MEDIUM
showdoc < 2.9.13 - Open Redirect
CVSS 6.1
CVE-2021-42564 MEDIUM
cryptshare_server < 5.1.0 - Open Redirect via HTML Injection in Confidential Message Editor
CVSS 5.4
CVE-2021-43777 MEDIUM
Redash < 10.0.0 - Open Redirect via Google Login State Parameter
CVSS 6.8
CVE-2021-38000 MEDIUM KEV
Google Chrome <95.0.4638.69 - Open Redirect
CVSS 6.1
CVE-2021-36332 MEDIUM
Dell EMC CloudLink < 7.1.1 - HTML and JavaScript Injection
CVSS 5.4
CVE-2021-41733 MEDIUM
Oppia 3.1.4 - Open Redirect via Unverified URL Navigation
CVSS 6.1
CVE-2021-1500 MEDIUM
Cisco Webex Video Mesh < 2021.10.18.2439m - Unauthenticated Open Redirect via URL Parameter
CVSS 5.4
CVE-2021-43058 MEDIUM
Replicated Classic <2.53.1 - Open Redirect
CVSS 6.1
CVE-2021-34764 MEDIUM
Cisco Firepower Management Center Virtual Appliance - Open Redirect
CVSS 4.8
CVE-2021-34763 MEDIUM
Cisco Firepower Management Center Virtual Appliance - Open Redirect
CVSS 4.8
CVE-2021-3851 MEDIUM
firefly-iii < 5.6.2 - Open Redirect
CVSS 5.4
CVE-2021-22942 MEDIUM
Action Pack >= 6.0.0 - Open Redirect
CVSS 6.1
CVE-2021-22964 HIGH
Fastify-Static >=4.2.4 <4.4.1 - Open Redirect
CVSS 8.8
CVE-2021-22963 MEDIUM
fastify-static < 4.2.4 - Open Redirect
CVSS 6.1
CVE-2021-20806 MEDIUM
Cybozu Remote Service <3.1.9 - Open Redirect
CVSS 6.1
CVE-2021-20031 MEDIUM
SonicOS < 7.0.1-r1262 - Host Header Redirection
CVSS 6.1
CVE-2021-34772 MEDIUM
Cisco Orbital - Unauthenticated Open Redirect via Web Management Interface
CVSS 4.7
CVE-2021-35205 MEDIUM
NETSCOUT Systems nGeniusONE <6.3.0 - Open Redirect
CVSS 5.4
CVE-2021-41826 MEDIUM
PlaceOS Authentication Service < 1.29.10.0 - Open Redirect via Sessions Controller
CVSS 6.1
CVE-2021-23052 MEDIUM
BIG-IP <14.1.4.4, 13.1.x - Open Redirect
CVSS 6.1