CWE-601

Low likelihood

URL Redirection to Untrusted Site ('Open Redirect')

Parent: CWE-610 - Externally Controlled Reference to a Resource in Another Sphere

The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.

1,530 vulnerabilities with CWE-601
CVE-2020-26215 MEDIUM
Jupyter Notebook < 6.1.5 - Open Redirect via Maliciously Crafted Link
CVSS 4.4
CVE-2020-15300 MEDIUM
SuiteCRM < 7.11.13 - Open Redirect via SVG Document in Documents Module
CVSS 6.1
CVE-2020-28724 MEDIUM
Werkzeug < 0.11.6 - Open Redirect via Double Slash in URL
CVSS 6.1
CVE-2020-26219 MEDIUM
touchbase.ai < 2.0 - Open Redirect
CVSS 4.7
CVE-2020-26161 MEDIUM
Octopus Deploy 2019.8.2-2020.4.2 - Open Redirect via HTTP Host Header
CVSS 6.1
CVE-2020-3558 MEDIUM
Cisco Secure Firewall Management Center 6.2.0-6.2.3.16 - Unauthenticated Open Redirect via HTTP Request Parameter
CVSS 4.7
CVE-2020-6365 MEDIUM
SAP NetWeaver AS Java - Open Redirect
CVSS 6.1
CVE-2020-24551 MEDIUM
iproom MMC+ - Open Redirect via Login Page Parameter
CVSS 6.1
CVE-2020-15241 MEDIUM
TYPO3 Fluid Engine <2.0.5-2.6.1 - XSS
CVSS 4.7
CVE-2020-15242 MEDIUM
Next.js >=9.5.0-<9.5.4 - Open Redirect
CVSS 4.7
CVE-2020-15234 MEDIUM
ORY Fosite < 0.34.1 - Open Redirect via Case-Insensitive URL Comparison
CVSS 6.1
CVE-2020-15233 MEDIUM
ORY Fosite 0.30.2-0.34.0 - Open Redirect via Loopback Adapter
CVSS 6.1
CVE-2020-15677 MEDIUM
Firefox < 81.0, Firefox ESR < 78.3, Thunderbird < 78.3 - Open Redirect via Download File Dialog
CVSS 6.1
CVE-2020-4409 HIGH
IBM Maximo Asset Management 7.6.0-7.6.1 - Open Redirect via Tabnabbing
CVSS 8.2
CVE-2020-5627 MEDIUM
Yodobashi App <1.8.7 - Open Redirect
CVSS 6.1
CVE-2020-24554 HIGH
Liferay Portal < 7.3.3 - Denial of Service via Redirect Module
CVSS 7.5
CVE-2020-5623 MEDIUM
NITORI App for Android < 6.0.4 and iOS < 6.0.2 - Open Redirect via Malicious URL
CVSS 6.1
CVE-2020-24598 MEDIUM
Joomla! 3.0.0-3.9.21 - Open Redirect in com_content Vote Feature
CVSS 6.1
CVE-2020-5541 MEDIUM
CyberMail 6.x-7.x - Open Redirect via Crafted URL
CVSS 6.1
CVE-2020-10775 MEDIUM
ovirt-engine <4.4 - Open Redirect
CVSS 5.3
CVE-2020-4598 MEDIUM
IBM Security Guardium Insights 2.0.1 - Open Redirect via Crafted URL
CVSS 6.1
CVE-2020-4653 MEDIUM
IBM Planning Analytics 2.0 - Open Redirect
CVSS 6.1
CVE-2020-15129 MEDIUM
Traefik <1.7.26, 2.2.8, 2.3.0-rc3 - Open Redirect
CVSS 6.1
CVE-2020-7520 MEDIUM
Schneider Electric Software Update < 2.4.0 - Open Redirect via Windows Registry Key Manipulation
CVSS 4.7
CVE-2020-8559 MEDIUM
Kubernetes <v1.16.13,v1.17.9,v1.18.6 - Open Redirect
CVSS 6.4