CWE-601

Low likelihood

URL Redirection to Untrusted Site ('Open Redirect')

Parent: CWE-610 - Externally Controlled Reference to a Resource in Another Sphere

The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.

1,532 vulnerabilities with CWE-601
CVE-2018-6200 MEDIUM
vBulletin 3.0.0-3.8.11 - Open Redirect via Redirector.php URL Parameter
CVSS 6.1
CVE-2018-0097 MEDIUM
Cisco Prime Infrastructure - Unauthenticated Open Redirect via HTTP Request Parameter
CVSS 6.1
CVE-2017-20164 MEDIUM
Symbiote Seed <6.0.2 - Open Redirect
CVSS 6.3
CVE-2017-20119 LOW
TrueConf Server 4.3.7 - Open Redirect
CVSS 3.5
CVE-2017-18897 MEDIUM
Mattermost Server <4.2.0-4.0.5 - Open Redirect
CVSS 6.1
CVE-2017-18891 MEDIUM
Mattermost Server <4.2.0-4.0.5 - Info Disclosure
CVSS 6.1
CVE-2017-18441 MEDIUM
cPanel 55.9999.61-56.0.21 - Unauthenticated Open Redirect
CVSS 5.0
CVE-2017-18414 HIGH
cPanel < 56.0.52 - Open Redirect via /unprotected/redirect.html
CVSS 7.4
CVE-2017-14394 MEDIUM
ForgeRock Access Management 5.0.0-5.1.1 and OpenAM 13.5.0-13.5.1 - Open Redirect via OAuth 2.0 Authorization Server
CVSS 6.1
CVE-2017-5871 MEDIUM
Odoo <= 8.0-20160726 and 9 - URL Redirection to Untrusted Site
CVSS 5.4
CVE-2017-18109 MEDIUM
Atlassian Crowd < 3.0.2 and 3.1.0 < 3.1.1 - Open Redirect via Login Resource
CVSS 6.1
CVE-2017-15419 MEDIUM
Red Hat Enterprise Linux Desktop < 63.0.3239.84 - Open Redirect
CVSS 6.5
CVE-2017-8989 CRITICAL
HPE IceWall SSO Dfw <11.0 - Open Redirect
CVSS 9.1
CVE-2017-16652 MEDIUM
Symfony <2.7.38, <2.8.31, <3.2.14, <3.3.13 - Open Redirect
CVSS 6.1
CVE-2017-5389 MEDIUM
Firefox < 51.0 - Open Redirect via WebExtensions mozAddonManager API
CVSS 6.1
CVE-2017-16224 MEDIUM
st_project/st < 1.2.1 and npm/st < 1.2.2 - Open Redirect via URL-Encoded Path Traversal
CVSS 6.1
CVE-2017-1748 MEDIUM
IBM Connections 5.0, 5.5, and 6.0 - Open Redirect
CVSS 6.8
CVE-2017-18262 MEDIUM
Blackboard Learn - Unvalidated Redirect via Shibboleth Login Endpoint
CVSS 6.1
CVE-2017-0364 MEDIUM
MediaWiki < 1.23.16 - URL Redirection to Untrusted Site via Special:Search
CVSS 6.1
CVE-2017-0363 MEDIUM
MediaWiki < 1.23.16 - URL Redirection to Untrusted Site via Special:UserLogin returnto Parameter
CVSS 6.1
CVE-2017-7153 MEDIUM
Apple Products <11.2 - Info Disclosure
CVSS 6.1
CVE-2017-14802 MEDIUM
Novell Access Manager <4.3.3 - Open Redirect
CVSS 5.4
CVE-2017-6932 MEDIUM
Drupal 7.x < 7.57 - Open Redirect via Language Switcher Block
CVSS 4.7
CVE-2017-8945 MEDIUM
HPE IceWall Federation Agent <3.0 - Info Disclosure
CVSS 6.1
CVE-2017-18178 MEDIUM
Progress Sitefinity 9.1 - Authenticated Open Redirect via %40 Syntax
CVSS 6.1