CWE-601

Low likelihood

URL Redirection to Untrusted Site ('Open Redirect')

Parent: CWE-610 - Externally Controlled Reference to a Resource in Another Sphere

The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.

1,530 vulnerabilities with CWE-601
CVE-2021-22526 MEDIUM
NetIQ Access Manager <5.0.1-4.5.4 - Open Redirect
CVSS 4.9
CVE-2021-23435 HIGH
clearance < 2.5.0 - Open Redirect via Session Return To Parameter
CVSS 7.6
CVE-2021-32805 HIGH
Flask-AppBuilder <3.2.2 - Open Redirect
CVSS 7.2
CVE-2021-39501 MEDIUM
EyouCMS 1.5.4 - Open Redirect via Logout Function
CVSS 6.1
CVE-2021-38123 MEDIUM
Micro Focus Network Automation - Open Redirect
CVSS 6.1
CVE-2021-25737 LOW
Kubernetes 1.16.0-1.18.18 - Unauthenticated Private Network Traffic Redirection via EndpointSlice IP Validation Bypass
CVSS 2.7
CVE-2021-39191 MEDIUM
mod_auth_openidc < 2.4.9.4 - Open Redirect via target_link_uri Parameter
CVSS 4.7
CVE-2021-38343 MEDIUM
Nested Pages WP <= 3.1.15 - Open Redirect
CVSS 4.7
CVE-2021-39112 MEDIUM
Atlassian Jira Server/Data Center <8.5.15, <8.6.0-8.13.7, <8.14.0-8...
CVSS 4.8
CVE-2021-30888 HIGH
iPadOS/iOS <14.8.1, macOS <12.0.1, tvOS <15.1, watchOS <8.1 - CSP Redirect Info Leak
CVSS 7.4
CVE-2021-37352 MEDIUM
Nagios XI < 5.8.5 - Open Redirect via Crafted URL
CVSS 6.1
CVE-2021-37699 MEDIUM
Next.js 10.0.5-10.1.0 and 0.9.9-11.0.0 - Open Redirect via Specially Encoded Paths
CVSS 6.9
CVE-2021-22098 MEDIUM
Cloudfoundry Cf-deployment < 16.20.0 - Open Redirect
CVSS 6.1
CVE-2021-33707 MEDIUM
SAP NetWeaver Knowledge Management - Open Redirect
CVSS 6.1
CVE-2021-33331 MEDIUM
Liferay Portal/DXP <7.3.1/7.0 - Open Redirect
CVSS 6.1
CVE-2021-21579 MEDIUM
Dell EMC iDRAC9 < 4.40.40.00 - Unauthenticated Open Redirect
CVSS 6.1
CVE-2021-21578 MEDIUM
Dell EMC iDRAC9 < 4.40.40.00 - Unauthenticated Open Redirect
CVSS 6.1
CVE-2021-32806 MEDIUM
Products.isurlinportal <1.2.0 - Open Redirect
CVSS 6.5
CVE-2021-37746 MEDIUM
Claws Mail < 3.18.0 and Sylpheed < 3.7.0 - Open Redirect via Insufficient Link Validation
CVSS 6.1
CVE-2021-20789 MEDIUM
GroupSession <5.1.0 - Open Redirect
CVSS 6.1
CVE-2021-3664 MEDIUM
url-parse < 1.5.2 - URL Redirection to Untrusted Site
CVSS 5.3
CVE-2021-32786 MEDIUM
Apache mod_auth_openidc <2.4.9 - Open Redirect
CVSS 4.7
CVE-2021-35966 MEDIUM
Orca HCM < 10.0 - Open Redirect via Unfiltered Input Parameter
CVSS 6.1
CVE-2021-3647 MEDIUM
uri.js < 1.19.7 - URL Redirection to Untrusted Site
CVSS 6.1
CVE-2021-20534 LOW
IBM Security Verify Access Docker 10.0.0 - Open Redirect
CVSS 3.5