CWE-601

Exploit likelihood: Low

URL Redirection to Untrusted Site ('Open Redirect')

Parent: CWE-610 - Externally Controlled Reference to a Resource in Another Sphere

The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.

1,530 vulnerabilities with CWE-601
CVE-2020-21998 MEDIUM
HomeAutomation 3.3.2 - Open Redirect via Redirect Parameter in api.php
CVSS 6.1
CVE-2020-9995 MEDIUM
macOS Server < 5.11 - Open Redirect and Cross-Site Scripting via URL Parsing
CVSS 6.1
CVE-2020-24550 MEDIUM
EpiServer Find <13.2.7 - Open Redirect
CVSS 6.1
CVE-2020-12483 HIGH
vivo appstore < 8.12.0.0 - Open Redirect via Remote App Download
CVSS 8.2
CVE-2020-28150 MEDIUM
i-net Clear Reports 20.10.136 - Open Redirect via User-Controlled Input
CVSS 6.1
CVE-2020-35560 MEDIUM
mymbCONNECT24 < 2.6.2 - Unauthenticated Open Redirect via redirect.php
CVSS 6.1
CVE-2020-13565 MEDIUM
OpenEMR and phpGACL - Open Redirect via return_page Parameter
CVSS 6.1
CVE-2020-22840 MEDIUM
b2evolution CMS <6.11.6 - Open Redirect
CVSS 6.1
CVE-2020-29537 MEDIUM
RSA Archer < 6.6.0.8 - Authenticated Open Redirect
CVSS 4.6
CVE-2020-1723 MEDIUM
Keycloak Gatekeeper (Louketo) <7.0.0 - Open Redirect
CVSS 6.1
CVE-2020-26979 MEDIUM
Firefox < 84.0 - URL Spoofing via Address Bar Event Capture
CVSS 6.1
CVE-2020-29498 MEDIUM
Dell Wyse Management Suite <3.1 - Open Redirect
CVSS 6.1
CVE-2020-25846 HIGH
NHIServiSignAdapter - URL Redirection to Untrusted Site via Digest Generation Function
CVSS 7.5
CVE-2020-25845 HIGH
NHIServiSignAdapter - Unauthenticated URL Redirection to Untrusted Site via SMB Request
CVSS 7.5
CVE-2020-35678 MEDIUM
Autobahn < 20.12.3 - Open Redirect via Redirect Header Injection
CVSS 6.1
CVE-2020-27729 MEDIUM
F5 BIG-IP Access Policy Manager 11.6.1-11.6.5 - Open Redirect via Undisclosed Link
CVSS 6.1
CVE-2020-4840 MEDIUM
IBM Security Secret Server 10.6 - Open Redirect
CVSS 6.1
CVE-2020-26275 MEDIUM
Jupyter Server <1.1.1 - Open Redirect
CVSS 6.1
CVE-2020-25901 MEDIUM
Spiceworks 7.5.7.0 - Open Redirect via Host Header Injection
CVSS 6.1
CVE-2020-4849 MEDIUM
IBM Tivoli Netcool Impact 7.1.0.0-7.1.0.19 - Open Redirect via Reverse Tabnabbing
CVSS 6.1
CVE-2020-26836 MEDIUM
SAP Solution Manager 720 - Open Redirect
CVSS 6.1
CVE-2020-29565 MEDIUM
OpenStack Horizon <18.5 - Open Redirect
CVSS 6.1
CVE-2020-27816 MEDIUM
Kibana < 4.7 - URL Redirection via Namespace Validation Bypass
CVSS 6.1
CVE-2020-26232 MEDIUM
Jupyter Server < 1.0.6 - Open Redirect via Maliciously Crafted Link
CVSS 4.1
CVE-2020-28726 MEDIUM
SeedDMS 6.0.13 - Open Redirect via dropfolderfileform1 Parameter
CVSS 6.1