CWE-601

Low likelihood

URL Redirection to Untrusted Site ('Open Redirect')

Parent: CWE-610 - Externally Controlled Reference to a Resource in Another Sphere

The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.

1,530 vulnerabilities with CWE-601
CVE-2020-5607 MEDIUM
SHIRASAGI <= 1.13.1 - Open Redirect
CVSS 6.1
CVE-2020-11882 MEDIUM
O2 Business 1.2.0 - Open Redirect via Unvalidated Deeplink Handling
CVSS 6.1
CVE-2020-4037 MEDIUM
OAuth2 Proxy 5.1.1-6.0.0 - Open Redirect via Authentication Flow
CVSS 4.3
CVE-2020-14454 MEDIUM
Mattermost Desktop App < 4.4.0 - Open Redirect via Server Redirection Mishandling
CVSS 6.1
CVE-2020-14446 MEDIUM
WSO2 Identity Server and IS as Key Manager < 5.10.0 - Open Redirect
CVSS 6.1
CVE-2020-3337 MEDIUM
Cisco Umbrella - Unauthenticated Open Redirect via URL Parameter
CVSS 6.1
CVE-2020-4048 MEDIUM
WordPress 3.7-3.7.33 - Open Redirect via URL Sanitization Issue
CVSS 5.7
CVE-2020-6266 MEDIUM
SAP Fiori for SAP S/4HANA - Open Redirect
CVSS 5.4
CVE-2020-1323 MEDIUM
Microsoft SharePoint - Open Redirect via Specially Crafted URL
CVSS 6.1
CVE-2020-1220 MEDIUM
Microsoft Edge (Chromium-based) in IE Mode - Open Redirect
CVSS 6.1
CVE-2020-10959 MEDIUM
MediaWiki < 1.35 - Unauthenticated Open Redirect via HTML Content in Page
CVSS 6.1
CVE-2020-13486 MEDIUM
verbb knock_knock < 1.2.8 - Open Redirect
CVSS 6.1
CVE-2020-1059 MEDIUM
Microsoft Edge - URL Redirection to Untrusted Site via HTTP Content Parsing
CVSS 4.3
CVE-2020-13121 MEDIUM
Submitty <= 20.04.01 - Open Redirect via Login Old Parameter
CVSS 6.1
CVE-2020-5409 MEDIUM
Pivotal Concourse <6.0.0 - Open Redirect
CVSS 6.1
CVE-2020-1997 MEDIUM
PAN-OS 7.1.0-7.1.25 - URL Redirection to Untrusted Site via GlobalProtect Component
CVSS 5.3
CVE-2020-12699 MEDIUM
TYPO3 direct_mail <5.2.3 - Open Redirect
CVSS 6.1
CVE-2020-11053 HIGH
OAuth2 Proxy <5.1.1 - Open Redirect
CVSS 7.1
CVE-2020-3311 MEDIUM
Cisco Firepower Management Center - Open Redirect
CVSS 6.1
CVE-2020-3178 MEDIUM
Cisco AsyncOS Software - Open Redirect
CVSS 6.1
CVE-2020-12666 MEDIUM
macaron < 1.3.7 - Open Redirect via Static Handler
CVSS 6.1
CVE-2020-11034 MEDIUM
GLPI < 9.4.6 - Open Redirect via Regex Protection Bypass
CVSS 6.1
CVE-2020-5337 MEDIUM
RSA Archer < 6.7.0.1 - Unauthenticated Open Redirect via Malicious Link
CVSS 4.6
CVE-2020-12283 MEDIUM
Sourcegraph < 3.15.1 - Open Redirect via SafeRedirectURL Validation Bypass
CVSS 6.1
CVE-2020-5270 MEDIUM
PrestaShop 1.7.6.0-1.7.6.5 - Open Redirect via Back Parameter
CVSS 4.1
Details
Vulnerabilities 1,530
Exploit Likelihood Low
Links
MITRE CWE Entry Search this CWE With Exploits