CWE-601

Exploit likelihood: Low

URL Redirection to Untrusted Site ('Open Redirect')

Parent: CWE-610 - Externally Controlled Reference to a Resource in Another Sphere

The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.

1,530 vulnerabilities with CWE-601
CVE-2019-4166 MEDIUM
IBM StoredIQ 7.6.0.0-7.6.0.17 - Open Redirect
CVSS 6.1
CVE-2019-3788 HIGH
Cloud Foundry UAA Release < 71.0 - Unauthenticated Open Redirect via Wildcard Subdomain
CVSS 8.7
CVE-2019-10955 MEDIUM
Rockwell Automation MicroLogix and CompactLogix - Unauthenticated Open Redirect
CVSS 6.1
CVE-2019-4092 MEDIUM
IBM Content Navigator 2.0.3 and 3.0CD - Open Redirect via Crafted URL
CVSS 6.1
CVE-2019-8995 MEDIUM
TIBCO ActiveMatrix BPM and Silver Fabric Enabler <= 4.2.0 - Open Redirect via Workspace Client
CVSS 6.1
CVE-2019-11016 MEDIUM
Elgg < 1.12.18 and 2.3.x < 2.3.11 - Open Redirect
CVSS 6.1
CVE-2019-10856 MEDIUM
Jupyter Notebook < 5.7.8 - Open Redirect via Empty Netloc
CVSS 6.1
CVE-2019-10255 MEDIUM
JupyterHub < 0.9.5 and Jupyter Notebook < 5.7.7 - Open Redirect via Login Page
CVSS 6.1
CVE-2019-3877 MEDIUM
mod_auth_mellon < 0.14.2 - Open Redirect via Backslash URL Bypass
CVSS 5.8
CVE-2019-3850 MEDIUM
moodle < 3.1.17 - Open Redirect via Assignment Submission Comment Links
CVSS 4.3
CVE-2019-4035 MEDIUM
IBM Content Navigator 3.0CD - Open Redirect via Edit Client
CVSS 5.4
CVE-2019-9915 MEDIUM
GetSimpleCMS 3.3.13 - Open Redirect
CVSS 6.1
CVE-2019-9837 MEDIUM
Doorkeeper::OpenidConnect < 1.5.4 - Open Redirect
CVSS 6.1
CVE-2019-7416 MEDIUM
OpenText Documentum Webtop 5.3 SP2 - XSS
CVSS 6.1
CVE-2019-3778 MEDIUM
Spring Security OAuth < 2.0.17 - Open Redirect via Authorization Endpoint
CVSS 6.5
CVE-2019-0540 MEDIUM
Microsoft Office - URL Redirection to Untrusted Site via Unvalidated URLs
CVSS 5.5
CVE-2019-5915 MEDIUM
OpenAM 13.0 - Open Redirect via Crafted Page
CVSS 6.1
CVE-2019-3912 MEDIUM
LabKey Server Community Edition < 18.3.0-61806.763 - Unauthenticated Open Redirect via /__r1/ returnURL Parameter
CVSS 6.1
CVE-2019-6780 MEDIUM
Wise Chat < 2.7 - Open Redirect via External Link Handling
CVSS 6.1
CVE-2018-25245 HIGH
7 Tik 1.0.1.0 - Denial of Service via Search
CVSS 7.5
CVE-2018-25091 MEDIUM
urllib3 < 1.24.2 - Unauthenticated Credential Exposure via Cross-Origin Redirect
CVSS 6.1
CVE-2018-18288 MEDIUM
CrushFTP <= 8.3.0 - Credential Theft via Open Redirect
CVSS 6.1
CVE-2018-1002102 LOW
Kubernetes < 1.14.0 - URL Redirection to Untrusted Site via Kubelet Streaming Endpoints
CVSS 2.6
CVE-2018-13257 MEDIUM
Blackboard Learn - Open Redirect via HTTP Host Header Spoofing
CVSS 6.1
CVE-2018-20929 MEDIUM
cPanel < 62.0.42 - Open Redirect via /unprotected/redirect.html Endpoint
CVSS 6.1