CWE-601

Low likelihood

URL Redirection to Untrusted Site ('Open Redirect')

Parent: CWE-610 - Externally Controlled Reference to a Resource in Another Sphere

The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.

1,532 vulnerabilities with CWE-601
CVE-2018-14574 MEDIUM
Django <1.11.15, <2.0.8 - Open Redirect
CVSS 6.1
CVE-2018-14474 MEDIUM
Orange Forum 1.4.0 - Open Redirect via Next Parameter
CVSS 6.1
CVE-2018-14381 MEDIUM
Pagekit < 1.0.14 - Open Redirect via Login Redirect Parameter
CVSS 6.1
CVE-2018-1355 MEDIUM
FortiAnalyzer and FortiManager < 5.6.5 - Open Redirect via FortiView PDF Conversion
CVSS 6.1
CVE-2018-1000504 HIGH
Redirection <2.7.3 - Code Injection
CVSS 7.2
CVE-2018-11041 MEDIUM
Cloud Foundry UAA Open Redirect via Login Page Form Parameter
CVSS 6.1
CVE-2018-11408 MEDIUM
Symfony 2.7.0-2.7.47 - Open Redirect via Inlined security.http_utils
CVSS 6.1
CVE-2018-3743 MEDIUM
hekto <=0.2.3 - Open Redirect via HTML Filename
CVSS 6.1
CVE-2018-10651 MEDIUM
Citrix XenMobile Server <10.8-RP2, <10.7-RP3 - Open Redirect
CVSS 6.1
CVE-2018-11119 MEDIUM
ILIAS 5.1.0-5.1.25, 5.2.x, 5.3.0-5.3.4 - Authenticated Open Redirect via return_to_url Parameter
CVSS 6.1
CVE-2018-10678 MEDIUM
MyBB 1.8.15 - Open Redirect via Target Attribute Handling
CVSS 6.1
CVE-2018-5304 MEDIUM
Impinj Speedway Connect R420 - SSRF
CVSS 4.3
CVE-2018-1000174 MEDIUM
Jenkins Google Login Plugin <1.3 - Open Redirect
CVSS 6.1
CVE-2018-1248 MEDIUM
RSA Authentication Manager < 8.3 - Open Redirect via Host Header Injection
CVSS 6.1
CVE-2018-10101 MEDIUM
WordPress < 4.9.5 - Open Redirect via Localhost URL Validation
CVSS 6.1
CVE-2018-10100 MEDIUM
WordPress < 4.9.5 - Open Redirect via Login Page HTTPS Redirection
CVSS 6.1
CVE-2018-8813 MEDIUM
WolfCMS 0.8.3.1 - Open Redirect via Login Redirect Parameter
CVSS 4.8
CVE-2018-3819 MEDIUM
Kibana < 5.6.7 - Open Redirect via Login Page
CVSS 6.1
CVE-2018-7674 LOW
NetIQ Identity Manager < 4.6 - URL Redirection to Untrusted Site
CVSS 2.1
CVE-2018-8937 MEDIUM
Open-AudIT Professional 2.1 - Open Redirect via Redirect_URL Parameter
CVSS 6.1
CVE-2018-0924 MEDIUM
Microsoft Exchange Server - Open Redirect via URL Redirection
CVSS 6.5
CVE-2018-1220 MEDIUM
RSA Archer < 6.2.0.8 - Open Redirect via QuickLinks Feature
CVSS 6.1
CVE-2018-7473 MEDIUM
SO Connect SO WIFI Hotspot Firmware - Open Redirect via URL Parameter
CVSS 6.1
CVE-2018-6324 MEDIUM
F-Secure Radar < 3.9.1 - Unvalidated Redirect via ReturnUrl Parameter
CVSS 6.1
CVE-2018-6520 MEDIUM
SimpleSAMLphp < 1.15.2 - Open Redirect via Crafted Authority Data
CVSS 6.1