CWE-601

Exploit likelihood: Low

URL Redirection to Untrusted Site ('Open Redirect')

Parent: CWE-610 - Externally Controlled Reference to a Resource in Another Sphere

The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.

1,530 vulnerabilities with CWE-601
CVE-2019-4209 MEDIUM
HCL Connections 5.5, 6.0, 6.5 - Open Redirect
CVSS 6.1
CVE-2019-19484 MEDIUM
Centreon < 19.04.4 - Open Redirect via Login Page 'p' Parameter
CVSS 6.1
CVE-2019-14882 MEDIUM
Moodle 3.5.0-3.5.9, 3.6-3.6.7, 3.7-3.7.3 - Open Redirect in Lesson Edit Page
CVSS 6.1
CVE-2019-19613 MEDIUM
Halvotec RaQuest <10.23.10801.0 - Open Redirect
CVSS 5.2
CVE-2019-6696 MEDIUM
FortiOS 5.4.0-6.0.8 - URL Redirection via Admin Initial Password Change Webpage
CVSS 6.1
CVE-2019-4595 MEDIUM
IBM Sterling B2B Integrator Standard Edition <5.2.6.5 - Open Redirect
CVSS 6.1
CVE-2019-20479 MEDIUM
mod_auth_openidc < 2.4.1 - Open Redirect via Slash and Backslash URL Prefix
CVSS 6.1
CVE-2019-19758 MEDIUM
Lenovo EZ Media & Backup Center ix2 and ix2-dl < 4.1.406.34763 - Unauthenticated Open Redirect
CVSS 6.1
CVE-2019-4631 MEDIUM
IBM Security Secret Server 10.7 - Open Redirect
CVSS 6.1
CVE-2019-17151 MEDIUM
Tencent WeChat < 7.0.9 - Open Redirect via User Profile Name
CVSS 5.4
CVE-2019-20225 MEDIUM
MyBB < 1.8.22 - Open Redirect on Login
CVSS 6.1
CVE-2019-6035 MEDIUM
Athenz < 1.8.24 - Open Redirect via Specially Crafted Page
CVSS 6.1
CVE-2019-6025 MEDIUM
Movable Type < 6.3.9, 6.5.0-6.5.1, < 7.1.3, Premium < 1.24 - Open Redirect via Crafted URL
CVSS 6.1
CVE-2019-6021 MEDIUM
Ricoh LIMEDIO - Open Redirect via Specially Crafted URL
CVSS 6.1
CVE-2019-6020 MEDIUM
PowerCMS < 3.293 - Open Redirect via Crafted URL
CVSS 6.1
CVE-2019-18781 MEDIUM
Zoho ManageEngine ADSelfService Plus <5.5809 - Open Redirect
CVSS 6.1
CVE-2019-8791 MEDIUM
Shazam < 9.25.0 (Android) and < 12.11.0 (iOS) - Open Redirect via URL Scheme Parsing
CVSS 6.1
CVE-2019-19775 MEDIUM
Zulip Server 1.9.0-2.0.8 - Open Redirect via Image Thumbnailing Handler
CVSS 6.1
CVE-2019-19709 MEDIUM
MediaWiki < 1.33.1 - Open Redirect via Title Blacklist Bypass
CVSS 6.1
CVE-2019-1486 MEDIUM
Visual Studio Live Share < 1.0.1374 - Open Redirect via Session Host URL
CVSS 6.1
CVE-2019-19703 MEDIUM
Ktor < 1.2.6 - Unauthenticated Open Redirect via Authorization Header
CVSS 6.1
CVE-2019-18451 MEDIUM
GitLab 10.7.4-12.4 - Open Redirect via InternalRedirect Filtering
CVSS 6.1
CVE-2019-15688 MEDIUM
Kaspersky Anti-Virus < 2020 - Open Redirect via Web Protection Component
CVSS 6.1
CVE-2019-14857 MEDIUM
mod_auth_openidc < 2.4.0.1 - Open Redirect via Trailing Slash URL
CVSS 6.1
CVE-2019-15073 MEDIUM
Openfind MAIL2000 6.0-7.0 - Unauthenticated Open Redirect
CVSS 6.1