CWE-601

Exploit likelihood: Low

URL Redirection to Untrusted Site ('Open Redirect')

Parent: CWE-610 - Externally Controlled Reference to a Resource in Another Sphere

The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.

1,530 vulnerabilities with CWE-601
CVE-2019-10372 MEDIUM
Jenkins Gitlab Authentication Plugin < 1.4 - Open Redirect via GitLabSecurityRealm
CVSS 6.1
CVE-2019-9140 HIGH
Happypoint <= 6.3.19 - URL Redirection and JavaScript Execution via Deeplink Scheme
CVSS 8.1
CVE-2019-14403 MEDIUM
cPanel < 78.0.18 - Open Redirect via Domain-Redirect Routing
CVSS 4.3
CVE-2019-1020016 MEDIUM
ash-aio < 2.0.0.3 - Open Redirect
CVSS 6.1
CVE-2019-1943 MEDIUM
Cisco Small Business 200, 300, and 500 Series Switches - Unauthenticated Open Redirect via HTTP Request Parameter
CVSS 4.7
CVE-2019-1010290 MEDIUM
Babel All - Open Redirect
CVSS 6.1
CVE-2019-1075 MEDIUM
ASP.NET Core 2.2.0-2.2.5 - Open Redirect
CVSS 6.1
CVE-2019-5969 MEDIUM
GROWI < 3.4.6 - Open Redirect via Login Process
CVSS 6.1
CVE-2019-5965 MEDIUM
Joruri Mail < 2.1.4 - Open Redirect
CVSS 6.1
CVE-2019-10721 MEDIUM
BlogEngine.NET 3.3.7.0 - Open Redirect via ReturnUrl Parameter
CVSS 6.1
CVE-2019-13175 MEDIUM
Read the Docs < 3.5.1 - Open Redirect via User-Defined Redirects
CVSS 6.1
CVE-2019-7275 MEDIUM
Optergy Proton/Enterprise - Open Redirect
CVSS 6.1
CVE-2019-13038 MEDIUM
mod_auth_mellon <= 0.14.2 - Open Redirect via ReturnTo Parameter
CVSS 6.1
CVE-2019-5823 MEDIUM
Google Chrome < 74.0.3729.108 - URL Redirection to Untrusted Site via Service Worker
CVSS 5.4
CVE-2019-10133 LOW
Moodle 3.1.0-3.1.17, 3.6.0-3.6.4 - Open Redirect via Cohort Upload Form
CVSS 3.1
CVE-2019-4153 MEDIUM
IBM Security Access Manager 9.0.1-9.0.6 - Open Redirect
CVSS 6.8
CVE-2019-11269 MEDIUM
Spring Security OAuth 2.0.0-2.0.17 - Open Redirect via redirect_uri Parameter
CVSS 5.4
CVE-2019-3477 MEDIUM
Micro Focus Solutions Business Manager < 11.4.2 - Open Redirect
CVSS 6.1
CVE-2019-4201 MEDIUM
IBM Jazz for Service Management 1.1.3-1.1.3.2 - Open Redirect
CVSS 6.1
CVE-2019-6741 CRITICAL
Samsung Galaxy S9 Firmware < 2019-01 - Open Redirect via Captive Portal
CVSS 9.3
CVE-2019-6781 HIGH
GitLab 11.5.0-11.5.7, 11.6.0-11.6.5, 11.7.0 - Open Redirect via Profile Name in Notification Emails
CVSS 7.5
CVE-2019-5946 MEDIUM
Cybozu Garoon 4.2.4-4.10.1 - Open Redirect via Login Screen
CVSS 6.1
CVE-2019-10117 MEDIUM
GitLab <11.7.8, <11.8.4, <11.9.2 - Open Redirect
CVSS 6.1
CVE-2019-8951 MEDIUM
Bosch DIVAR IP 2000 Firmware < 3.62.0019 - Open Redirect
CVSS 6.1
CVE-2019-5433 MEDIUM
Revive Adserver <4.2.0 - Open Redirect
CVSS 5.4