CWE-601

Exploit likelihood: Low

URL Redirection to Untrusted Site ('Open Redirect')

Parent: CWE-610 - Externally Controlled Reference to a Resource in Another Sphere

The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.

1,530 vulnerabilities with CWE-601
CVE-2021-25757 MEDIUM
JetBrains Hub < 2020.1.12629 - Open Redirect
CVSS 6.1
CVE-2021-21291 MEDIUM
OAuth2 Proxy <7.0.0 - Open Redirect
CVSS 4.7
CVE-2021-22873 MEDIUM
Revive Adserver <5.1.0 - Open Redirect
CVSS 6.1
CVE-2021-1218 MEDIUM
Cisco Smart Software Manager satellite - Open Redirect
CVSS 5.4
CVE-2021-1310 MEDIUM
Cisco Webex Meetings < 40.11.1 - Unauthenticated Open Redirect via URL Parameter
CVSS 4.7
CVE-2020-36912 CRITICAL
Plexus anblick Digital Signage Management 3.1.13 - Open Redirect
CVSS 9.8
CVE-2020-36845 MEDIUM
KnowBe4 Security Awareness Training <2020-01-10 - Open Redirect
CVSS 5.3
CVE-2020-17484 MEDIUM
Uffizio's GPS Tracker - Open Redirect
CVSS 6.1
CVE-2020-21038 MEDIUM
typecho 1.1-17.10.30-release - Open Redirect via Referer Parameter
CVSS 6.1
CVE-2020-36665 MEDIUM
Artesãos SEOTools <0.17.1 - Open Redirect
CVSS 5.5
CVE-2020-36664 MEDIUM
Artesãos SEOTools <0.17.1 - Open Redirect
CVSS 5.5
CVE-2020-36663 MEDIUM
Artesãos SEOTools <0.17.1 - Open Redirect
CVSS 5.5
CVE-2020-36627 MEDIUM
Macaron i18n <0.5.0 - Open Redirect
CVSS 5.5
CVE-2020-26938 HIGH
oauth2-server < 3.1.1 - Open Redirect via Incorrect URI Pattern Validation
CVSS 7.2
CVE-2020-26877 MEDIUM
ApiFest OAuth 2.0 Server 0.3.1 - Open Redirect
CVSS 6.1
CVE-2020-14118 MEDIUM
Mi App Store < 4.10.0 - Intent Redirection to Untrusted App Installation
CVSS 6.1
CVE-2020-25154 MEDIUM
B. Braun SpaceCom < L81 and Data module compactplus A10-A11 - Open Redirect in Administrative Interface
CVSS 5.4
CVE-2020-18985 MEDIUM
Zimbra Collaboration 8.8.12 - Open Redirect
CVSS 6.1
CVE-2020-5329 MEDIUM
Dell EMC Avamar Server - Unauthenticated Open Redirect
CVSS 6.1
CVE-2020-23182 MEDIUM
php-fusion 9.03.60 - Open Redirect via Shoutbox Message Panel
CVSS 5.4
CVE-2020-18660 MEDIUM
GetSimpleCMS <=3.3.15 - Open Redirect
CVSS 6.1
CVE-2020-18268 MEDIUM
Z-BlogPHP < 1.5.2 - Open Redirect via zb_system/cmd.php Redirect Parameter
CVSS 6.1
CVE-2020-36365 MEDIUM
SmartStoreNET < 4.1.0 - Open Redirect via CommonController and ScheduleTaskController
CVSS 6.1
CVE-2020-13662 MEDIUM
Drupal Core < 7.70 - Open Redirect via Crafted URL
CVSS 6.1
CVE-2020-23015 MEDIUM
OPNsense <= 20.1.5 - Open Redirect via Login Page URL Parameter
CVSS 6.1