CWE-601

Exploit likelihood: Low

URL Redirection to Untrusted Site ('Open Redirect')

Parent: CWE-610 - Externally Controlled Reference to a Resource in Another Sphere

The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.

1,532 vulnerabilities with CWE-601
CVE-2018-17948 MEDIUM
Micro Focus Access Manager < 4.4 SP3 - Open Redirect
CVSS 6.1
CVE-2018-2476 MEDIUM
SAP NetWeaver 7.30, 7.31, 7.40 - Open Redirect via Insufficient URL Validation
CVSS 6.1
CVE-2018-14658 MEDIUM
JBOSS Keycloak 3.2.1.Final - Open Redirect
CVSS 6.1
CVE-2018-13402 MEDIUM
Atlassian Jira < 7.6.9 - Open Redirect
CVSS 6.1
CVE-2018-13401 MEDIUM
Atlassian Jira Open Redirect via XsrfErrorAction Resource
CVSS 6.1
CVE-2018-12675 MEDIUM
SV3C HD Camera L-SERIES V2.3.4.2103-S50-NTD-B20170508B and V2.3.4.2103-S50-NTD-B20170823B - Open Redirect
CVSS 6.1
CVE-2018-15493 MEDIUM
vBulletin 5.4.3 - Open Redirect
CVSS 6.1
CVE-2018-15403 MEDIUM
Cisco Unified Communications Manager - Authenticated Open Redirect via HTTP Request Parameters
CVSS 5.4
CVE-2018-11784 MEDIUM
Apache Tomcat 7.0.23-7.0.90, 8.5.0-8.5.33, 9.0.0.M1-9.0.11 - Open Redirect via Default Servlet
CVSS 4.3
CVE-2018-17870 MEDIUM
BTITeam XBTIT <2.5.4 - Open Redirect
CVSS 6.1
CVE-2018-1251 HIGH
Dell EMC Unity and UnityVSA < 4.3.1.1525703027 - Unauthenticated Open Redirect via Unisphere URL
CVSS 8.3
CVE-2018-1704 MEDIUM
IBM Platform Symphony 7.1 Fix Pack 1, 7.1.1 and IBM Spectrum Symphony 7.1.2, 7.2.0.2 - Open Redirect
CVSS 6.8
CVE-2018-1736 HIGH
IBM WebSphere Portal 7.0, 8.0, 8.5, 9.0 - Open Redirect
CVSS 7.4
CVE-2018-16954 MEDIUM
Oracle WebCenter Interaction Portal 10.3.3 - Open Redirect
CVSS 6.1
CVE-2018-17074 MEDIUM
Feed Statistics < 4.0 - Open Redirect via feed-stats-url Parameter
CVSS 6.1
CVE-2018-5548 MEDIUM
BIG-IP APM 11.6.0-11.6.3 - Open Redirect
CVSS 6.1
CVE-2018-16761 MEDIUM
Eventum < 3.4.0 - Open Redirect
CVSS 6.1
CVE-2018-14398 MEDIUM
Creme CRM <1.6.12 - Open Redirect
CVSS 6.1
CVE-2018-14366 MEDIUM
Pulse Secure <8.1R13, <8.3R4 & <5.2R10, <5.4R4 - Open Redirect
CVSS 6.1
CVE-2018-1000671 MEDIUM
sympa >= 6.2.16 - Open Redirect and Reflected Cross-Site Scripting via Referer Parameter
CVSS 6.1
CVE-2018-15683 MEDIUM
BTITeam XBTIT < 2.5.4 - Open Redirect via Login Page Returnto Parameter
CVSS 6.1
CVE-2018-3774 CRITICAL
url-parse < 1.4.3 - Server-Side Request Forgery via Incorrect Hostname Parsing
CVSS 10.0
CVE-2018-7692 MEDIUM
Micro Focus eDirectory < 9.1.1 - Unvalidated Redirect
CVSS 6.1
CVE-2018-15178 MEDIUM
Gogs < 0.12 - Open Redirect via User Login Redirect Parameter
CVSS 6.1
CVE-2018-7091 MEDIUM
HP XP P9000 Command View Advanced Edition 7.0.0-00-8.60-00 - Open Redirect in DevMgr, TSMgr, and RepMgr
CVSS 6.1