CWE-601

Exploit likelihood: Low

URL Redirection to Untrusted Site ('Open Redirect')

Parent: CWE-610 - Externally Controlled Reference to a Resource in Another Sphere

The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.

1,530 vulnerabilities with CWE-601
CVE-2021-29137 MEDIUM
Aruba AirWave < 8.2.12.1 - Open Redirect
CVSS 6.1
CVE-2021-31879 MEDIUM
GNU Wget < 1.21.1 - Authorization Header Exposure via Redirect
CVSS 6.1
CVE-2021-28125 MEDIUM
Apache Superset <= 1.0.1 - Open Redirect
CVSS 6.1
CVE-2021-29456 MEDIUM
Authelia < 4.28.0 - Open Redirect via HTTP Query Parameter
CVSS 5.7
CVE-2021-21392 MEDIUM
Synapse < 1.28.0 - Server-Side Request Forgery via Transitional IPv6 Address Handling
CVSS 6.3
CVE-2021-24210 MEDIUM
PhastPress < 1.111 - Open Redirect via Malformed Request
CVSS 6.1
CVE-2021-24165 MEDIUM
Ninja Forms < 3.4.34 - Open Redirect via OAuth Connect AJAX Action
CVSS 6.1
CVE-2021-29652 MEDIUM
Pomerium 0.10.0-0.13.3 - Open Redirect in User Sign-In/Out Process
CVSS 6.1
CVE-2021-29651 MEDIUM
Pomerium < 0.13.4 - Open Redirect
CVSS 6.1
CVE-2021-27352 MEDIUM
ilch_cms 2.1.42 - Open Redirect
CVSS 5.4
CVE-2021-1629 MEDIUM
Tableau Server 2019.4-2019.4.17 - Open Redirect via Email URL
CVSS 6.1
CVE-2021-23888 MEDIUM
McAfee ePolicy Orchestrator < 5.10.0 - Authenticated Open Redirect via Unvalidated Client-Side URL
CVSS 6.3
CVE-2021-21377 MEDIUM
OMERO.web < 5.9.0 - Open Redirect via Unvalidated URL Parameter
CVSS 4.8
CVE-2021-21338 MEDIUM
TYPO3 < 6.2.57, 7.6.51, 8.7.40, 9.5.25, 10.4.14, 11.1.1 - Unauthenticated Open Redirect via Login Handling
CVSS 4.7
CVE-2021-21491 MEDIUM
SAP NetWeaver Application Server Java 7.00-7.50 - Open Redirect via WebDynpro Java
CVSS 6.1
CVE-2021-21337 MEDIUM
Products.PluggableAuthService < 2.6.1 - Open Redirect via Login Form
CVSS 5.7
CVE-2021-21354 HIGH
Pollbot < 1.4.4 - Open Redirect via URL Path Injection
CVSS 7.4
CVE-2021-21273 LOW
Synapse < 1.25.0 - Server-Side Request Forgery via Third-Party Invite Events and Push Notifications
CVSS 3.1
CVE-2021-21330 LOW
aiohttp < 3.7.4 - Open Redirect via normalize_path_middleware
CVSS 3.1
CVE-2021-3189 MEDIUM
slashify 1.0.0 - Open Redirect via Malformed URL Path
CVSS 6.1
CVE-2021-27404 MEDIUM
Askey RTF8115VW BR_SV_g11.11_RTF_TEF001_V6.54_V014 - Open Redirect via Host Header Injection
CVSS 6.1
CVE-2021-22984 MEDIUM
BIG-IP Advanced WAF/ASM Unauthenticated Open Redirect via Malicious URI
CVSS 6.1
CVE-2021-22881 MEDIUM
Action Pack <6.1.2.1, 6.0.3.5 - Open Redirect
CVSS 6.1
CVE-2021-21478 MEDIUM
SAP Web Dynpro ABAP - Open Redirect via Reverse Tabnabbing
CVSS 6.1
CVE-2021-21476 MEDIUM
SAP UI5 < 1.38.49, 1.52.49, 1.60.34, 1.71.31, 1.78.18, 1.84.5, 1.85.4, 1.86.1 - Open Redirect via Reverse Tabnabbing
CVSS 6.1