CWE-601

Exploit likelihood: Low

URL Redirection to Untrusted Site ('Open Redirect')

Parent: CWE-610 - Externally Controlled Reference to a Resource in Another Sphere

The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.

1,530 vulnerabilities with CWE-601
CVE-2021-35037 MEDIUM
Jamf Pro < 10.30.1 - Unvalidated URL Redirect
CVSS 6.1
CVE-2021-24406 MEDIUM
wpForo Forum < 1.9.7 - Open Redirect via Login Form redirect_to Parameter
CVSS 6.1
CVE-2021-23401 MEDIUM
Flask-User - Open Redirect via URL Validation Bypass
CVSS 5.4
CVE-2021-34807 MEDIUM
Zimbra Collaboration Suite <= 9.0 - Authenticated Open Redirect via /preauth Servlet
CVSS 6.1
CVE-2021-32721 MEDIUM
PowerMux < 1.1.1 - Open Redirect via Trailing Slash Redirection
CVSS 4.7
CVE-2021-20105 MEDIUM
Machform < 16 - Open Redirect via Safari_init.php Ref Parameter
CVSS 6.1
CVE-2021-34254 MEDIUM
Umbraco CMS < 7.15.7 - Open Redirect via booting.aspx
CVSS 6.1
CVE-2021-25655 MEDIUM
Avaya Aura Experience Portal 7.0-7.2.3 and 8.0.0 - URL Redirection to Untrusted Site via Service Menu Component
CVSS 4.4
CVE-2021-35206 MEDIUM
Gitpod < 0.6.0 - Unvalidated Redirect
CVSS 6.1
CVE-2021-32956 MEDIUM
Advantech WebAccess/SCADA < 9.0.1 - Open Redirect
CVSS 6.1
CVE-2021-24358 MEDIUM
The Plus Addons for Elementor < 4.1.10 - Open Redirect via Unvalidated Redirect Parameter
CVSS 6.1
CVE-2021-22903 MEDIUM
Actionpack < 6.1.3.2 - Open Redirect
CVSS 6.1
CVE-2021-23393 MEDIUM
Flask-Unchained < 0.9.0 - Open Redirect via Backslash Bypass in _validate_redirect_url
CVSS 5.4
CVE-2021-31252 MEDIUM
Chiyu-Tech Firmware - Open Redirect via Crafted URL
CVSS 6.1
CVE-2021-1525 MEDIUM
Cisco Webex Meetings and Webex Meetings Server - Unauthenticated Open Redirect via URL Path Validation Bypass
CVSS 4.7
CVE-2021-25640 MEDIUM
Apache Dubbo 2.5.0-2.6.8 and 2.7.0-2.7.9 - Server-Side Request Forgery via parseURL Host Check Bypass
CVSS 6.1
CVE-2021-32645 MEDIUM
tenancy/multi-tenant 5.6.0-5.7.1 - Open Redirect via Hostname Identification
CVSS 6.1
CVE-2021-23387 MEDIUM
trailing-slash < 2.0.1 - Open Redirect via Trailing Double Slashes
CVSS 5.4
CVE-2021-1358 MEDIUM
Cisco Finesse < 12.6(1) - Unauthenticated Open Redirect via URL Parameter
CVSS 4.7
CVE-2021-29622 MEDIUM
Prometheus 2.23.0-2.26.0 - Open Redirect via /new Endpoint
CVSS 6.5
CVE-2021-32618 LOW
Flask-Security-Too < 4.1.0 - Open Redirect via Next Parameter
CVSS 3.1
CVE-2021-23384 MEDIUM
koa-remove-trailing-slashes < 2.0.2 - Open Redirect via Trailing Double Slashes
CVSS 5.4
CVE-2021-24288 MEDIUM
acymailing < 7.5.0 - Open Redirect via Redirect Parameter
CVSS 6.1
CVE-2021-27612 MEDIUM
SAP GUI for Windows < 7.70 - Open Redirect
CVSS 6.1
CVE-2021-1397 MEDIUM
Cisco Integrated Management Controller < 3.2(12.4) - Unauthenticated Open Redirect via HTTP Request Parameters
CVSS 4.7