CWE-601

Exploit likelihood: Low

URL Redirection to Untrusted Site ('Open Redirect')

Parent: CWE-610 - Externally Controlled Reference to a Resource in Another Sphere

The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.

1,530 vulnerabilities with CWE-601
CVE-2019-18815 MEDIUM
PopojiCMS 2.0.1 - Open Redirect via refer Parameter
CVSS 6.1
CVE-2019-4538 HIGH
IBM Security Directory Server 6.4.0 - Open Redirect
CVSS 8.2
CVE-2019-15041 MEDIUM
JetBrains YouTrack < 2019.1.52545 - Open Redirect via Unbounded URL Whitelisting
CVSS 6.1
CVE-2019-10098 MEDIUM
Apache HTTP Server 2.4.0-2.4.39 - Open Redirect via Encoded Newlines in mod_rewrite
CVSS 6.1
CVE-2019-14912 MEDIUM
PRiSE adAS 1.7.0 - Open Redirect via OPENSSO Goto Parameter
CVSS 6.1
CVE-2019-16393 MEDIUM
SPIP < 3.1.11 and 3.2 < 3.2.5 - Open Redirect via Header Injection
CVSS 6.1
CVE-2019-6009 MEDIUM
SHIRASAGI <= 1.7.0 - Open Redirect
CVSS 6.1
CVE-2019-6004 MEDIUM
Fujixerox ApeosWare Management Suite < 1.4.0.18 and ApeosWare Management Suite 2 < 2.1.2.4 - Open Redirect
CVSS 6.1
CVE-2019-5978 MEDIUM
Cybozu Garoon 4.0.0-4.10.2 - Open Redirect via Scheduler Application
CVSS 6.1
CVE-2019-16220 MEDIUM
WordPress < 5.2.3 - Open Redirect via wp_validate_redirect URL Path
CVSS 6.1
CVE-2019-14223 MEDIUM
Alfresco Community Edition <5.2.6, 6.0.N, 6.1.N - Open Redirect
CVSS 6.1
CVE-2019-15820 MEDIUM
login_or_logout_menu_item < 1.2.0 - Unauthenticated Open Redirect
CVSS 6.1
CVE-2019-15818 MEDIUM
simple-301-redirects-addon-bulk-uploader < 1.2.4 - Open Redirect via bulk301export or bulk301clearlist
CVSS 6.1
CVE-2019-15816 HIGH
wp-private-content-plus <2.0 - Info Disclosure
CVSS 7.5
CVE-2019-15771 MEDIUM
Components For WP Bakery Page Builder < 6.0 - Open Redirect
CVSS 6.1
CVE-2019-15776 MEDIUM
simple-301-redirects-addon-bulk_uploader < 1.2.5 - Open Redirect via CSV File Import
CVSS 6.1
CVE-2019-15775 MEDIUM
nd-learning < 4.8 - Unauthenticated Open Redirect via SiteURL Modification
CVSS 6.1
CVE-2019-15774 MEDIUM
booking_project/booking < 2.5 - Unauthenticated Open Redirect via SiteURL Modification
CVSS 6.1
CVE-2019-15773 MEDIUM
nd-travel < 1.7 - Unauthenticated Open Redirect via SiteURL Modification
CVSS 6.1
CVE-2019-15772 MEDIUM
donations_project/donations < 1.4 - Unauthenticated Open Redirect via SiteURL Modification
CVSS 6.1
CVE-2019-10751 HIGH
httpie < 1.0.3 - Open Redirect and Arbitrary File Write via HTTP to Crafted URL
CVSS 8.8
CVE-2019-13422 MEDIUM
Search Guard Kibana Plugin < 5.6.8-7 - Open Redirect via Login
CVSS 6.1
CVE-2019-11589 MEDIUM
Jira <7.13.6, <8.0.0-<8.2.3, <8.3.0-<8.3.2 - Open Redirect
CVSS 6.1
CVE-2019-11585 MEDIUM
Jira <7.13.6, <8.0.0-<8.2.3, <8.3.0-<8.3.2 - Open Redirect
CVSS 6.1
CVE-2019-1954 MEDIUM
Cisco Webex Meetings Server < 4.0(1) - Unauthenticated Open Redirect via URL Parameter
CVSS 6.1