CWE-601

Low likelihood

URL Redirection to Untrusted Site ('Open Redirect')

Parent: CWE-610 - Externally Controlled Reference to a Resource in Another Sphere

The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.

1,530 vulnerabilities with CWE-601
CVE-2020-5733 MEDIUM
OpenMRS < 2.9.0 - Unauthenticated Sensitive Information Exposure via Data Export Module
CVSS 6.1
CVE-2020-5732 MEDIUM
OpenMRS < 2.9.0 - Unauthenticated Open Redirect via Data Exchange Module Import
CVSS 6.1
CVE-2020-11665 MEDIUM
CA API Developer Portal < 4.3.1 - Open Redirect via Login Redirect Parameter
CVSS 6.1
CVE-2020-11664 MEDIUM
CA API Developer Portal < 4.3.1 - Open Redirect via HomeRedirect Page
CVSS 6.1
CVE-2020-11663 MEDIUM
CA API Developer Portal < 4.3.1 - Open Redirect via 404 Request Handling
CVSS 6.1
CVE-2020-3954 MEDIUM
VMware vRealize Log Insight < 8.1.0 - Open Redirect via Improper Input Validation
CVSS 6.1
CVE-2020-6215 MEDIUM
SAP NetWeaver AS ABAP Business Server Pages Test Application IT00 -...
CVSS 6.1
CVE-2020-6211 MEDIUM
SAP BusinessObjects <4.2 - Open Redirect
CVSS 6.1
CVE-2020-6223 MEDIUM
SAP BusinessObjects Business Intelligence Platform 4.1-4.2 - Content Spoofing via Error Page Modification
CVSS 6.1
CVE-2020-8430 MEDIUM
Stormshield Network Security 310 3.7.10 - Open Redirect
CVSS 6.1
CVE-2020-11611 MEDIUM
xdLocalStorage < 2.0.5 - Open Redirect via Wildcard TargetOrigin in postMessage
CVSS 6.1
CVE-2020-11515 MEDIUM
Rank Math SEO < 1.0.40.2 - Unauthenticated Arbitrary URI Creation via rankmath/v1/updateRedirection Endpoint
CVSS 6.1
CVE-2020-11529 MEDIUM
Grav < 1.7 - Open Redirect via Common/Grav.php
CVSS 6.1
CVE-2020-8143 MEDIUM
Revive Adserver <5.0.5 - Open Redirect
CVSS 6.1
CVE-2020-1927 MEDIUM
Apache HTTP Server 2.4.0-2.4.41 - URL Redirection to Untrusted Site via Encoded Newlines
CVSS 6.1
CVE-2020-6803 MEDIUM
Mozilla WebThings Gateway < 2020-02-26 - Open Redirect via Login Page
CVSS 5.4
CVE-2020-5233 MEDIUM
oauth2_proxy < 5.0.0 - Open Redirect
CVSS 5.9
CVE-2020-7936 MEDIUM
Plone 4.0-5.2.1 - Open Redirect via Login Form
CVSS 6.1
CVE-2019-25282 CRITICAL
V-SOL GPON/EPON OLT Platform v2.03 - Open Redirect
CVSS 9.8
CVE-2019-25155 MEDIUM
DOMPurify < 1.0.11 - Reverse Tabnabbing via Demo Page Links
CVSS 6.1
CVE-2019-14831 MEDIUM
Moodle 3.5.0-3.5.7 - Open Redirect via Forced Subscription Forum Link
CVSS 6.1
CVE-2019-14830 MEDIUM
Moodle 3.5.0-3.5.7 - Open Redirect via Mobile Launch Endpoint
CVSS 6.1
CVE-2019-15974 MEDIUM
Cisco Managed Services Accelerator < 3.7.0 - Unauthenticated Open Redirect via HTTP Request Parameter
CVSS 6.1
CVE-2019-12783 MEDIUM
Verint Impact 360 15.1 - Open Redirect via rd Parameter
CVSS 6.1
CVE-2019-20901 MEDIUM
Jira < 8.5.2 and 8.6.0 - Open Redirect via os_destination Parameter
CVSS 6.1
Details
Vulnerabilities 1,530
Exploit Likelihood Low
Links
MITRE CWE Entry Search this CWE With Exploits