CWE-601

Low likelihood

URL Redirection to Untrusted Site ('Open Redirect')

Parent: CWE-610 - Externally Controlled Reference to a Resource in Another Sphere

The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.

1,532 vulnerabilities with CWE-601
CVE-2018-13257 MEDIUM
Blackboard Learn - Open Redirect via HTTP Host Header Spoofing
CVSS 6.1
CVE-2018-20929 MEDIUM
cPanel < 62.0.42 - Open Redirect via /unprotected/redirect.html Endpoint
CVSS 6.1
CVE-2018-20867 MEDIUM
cPanel < 76.0.8 - Open Redirect via Connection Reset
CVSS 6.1
CVE-2018-12621 MEDIUM
Eventum 3.5.0 - Open Redirect via current_page Parameter
CVSS 6.1
CVE-2018-13384 MEDIUM
FortiOS < 6.0.5 - Host Header Redirection via SSL VPN Web Portal
CVSS 6.1
CVE-2018-12300 MEDIUM
Seagate NAS OS <4.3.15.1 - Info Disclosure
CVSS 6.1
CVE-2018-14931 MEDIUM
Polaris FT Intellect Core Banking <9.7.1 - Open Redirect
CVSS 6.1
CVE-2018-20698 MEDIUM
Search Guard < 6.3.0-16 - Open Redirect via Login Page BasePath Parameter
CVSS 6.1
CVE-2018-15180 MEDIUM
qTest Portal <9.0.0 - Open Redirect
CVSS 6.1
CVE-2018-8913 HIGH
Synology Web Station <2.1.3-0139 - CSRF
CVSS 7.1
CVE-2018-17422 MEDIUM
dotcms < 5.0.2 - Open Redirect via FORWARD_URL or hostname Parameter
CVSS 6.1
CVE-2018-1939 MEDIUM
IBM Cloud Private 3.1.1 - Open Redirect
CVSS 6.8
CVE-2018-1875 HIGH
IBM InfoSphere Information Governance Catalog 11.3, 11.5, 11.7 - Open Redirect
CVSS 7.4
CVE-2018-19106 MEDIUM
Avi Vantage < 17.2.13 - Open Redirect via Invalid URL Encoding
CVSS 6.1
CVE-2018-16191 MEDIUM
EC-CUBE 3.0.0-3.0.16 - Open Redirect
CVSS 6.1
CVE-2018-16174 MEDIUM
LearnPress < 3.1.0 - Open Redirect
CVSS 6.1
CVE-2018-0688 MEDIUM
Epson Printers and Scanners - Open Redirect via Web Interface
CVSS 6.1
CVE-2018-15798 HIGH
Concourse 4.0.0-4.2.1 and 0-5.2.7 - Unauthenticated Open Redirect via OAuth Login Flow
CVSS 7.6
CVE-2018-19790 MEDIUM
Symfony 2.7.0-2.7.49, 2.8.0-2.8.48, 3.0.0-3.4.19, 4.0.0-4.0.14, 4.1.0-4.1.8, 4.2.0 - Open Redirect via Backslash
CVSS 6.1
CVE-2018-7804 MEDIUM
Modicon M340-Quantum - Open Redirect
CVSS 6.1
CVE-2018-7797 MEDIUM
Power Monitoring Expert - Open Redirect
CVSS 6.1
CVE-2018-13813 HIGH
SIMATIC HMI and WinCC < V15 Update 4 - Authenticated Open Redirect
CVSS 8.1
CVE-2018-1654 MEDIUM
IBM Curam Social Program Management <7.0.3 - Open Redirect
CVSS 6.8
CVE-2018-19796 MEDIUM
Ninja Forms <3.3.19.1 - Open Redirect
CVSS 6.1
CVE-2018-11067 MEDIUM
Dell EMC Avamar and Integrated Data Protection Appliance - Unauthenticated Open Redirect via Malicious Link
CVSS 6.1