CWE-601

Low likelihood

URL Redirection to Untrusted Site ('Open Redirect')

Parent: CWE-610 - Externally Controlled Reference to a Resource in Another Sphere

The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.

1,532 vulnerabilities with CWE-601
CVE-2017-2166 MEDIUM
GroupSession <4.7.0 - Open Redirect
CVSS 6.1
CVE-2017-1534 MEDIUM
IBM Security Access Manager Appliance 8.0.0 and 9.0.0 - Open Redirect
CVSS 6.1
CVE-2017-1668 MEDIUM
IBM Tivoli Key Lifecycle Manager <2.8 - Open Redirect
CVSS 6.1
CVE-2017-1000484 MEDIUM
Plone 2.5-5.1rc1 - Open Redirect via Specific URL Parameter
CVSS 6.1
CVE-2017-1000481 MEDIUM
Plone 2.5-5.1rc1 - Open Redirect via Login Form 'came_from' Parameter
CVSS 6.1
CVE-2017-1000434 MEDIUM
WordPress plugin Furikake 0.1.0 - Open Redirect
CVSS 6.1
CVE-2017-1558 MEDIUM
IBM Maximo Asset Management 7.5-7.6 - Open Redirect
CVSS 6.1
CVE-2017-16679 MEDIUM
SAP Startup Service - Open Redirect
CVSS 6.1
CVE-2017-11482 MEDIUM
Kibana <6.0.1-5.6.5 - Open Redirect
CVSS 6.1
CVE-2017-3105 MEDIUM
Adobe RoboHelp < RH12.0.4.460 and RH2017 < RH2017.0.2 - Open Redirect
CVSS 6.1
CVE-2017-12344 MEDIUM
Cisco Data Center Network Manager - Open Redirect
CVSS 6.1
CVE-2017-1000163 MEDIUM
Phoenix Framework <1.0.4, 1.1.6, 1.2.2, 1.3.0-rc.0 - Open Redirect
CVSS 6.1
CVE-2017-11879 HIGH
ASP.NET Core 2.0 - Privilege Escalation
CVSS 8.8
CVE-2017-16761 MEDIUM
Inedo BuildMaster <5.8.2 - Open Redirect
CVSS 6.1
CVE-2017-16569 MEDIUM
Zurmo CRM 3.2.1.57987acc3018 - Open Redirect via redirectUrl Parameter
CVSS 4.8
CVE-2017-14358 MEDIUM
HP ArcSight ESM <6.9.1c-6.11.0 - Open Redirect
CVSS 6.1
CVE-2017-1000117 HIGH
Malicious Git HTTP Server For CVE-2017-1000117
CVSS 8.8
CVE-2017-8047 MEDIUM
Cloud Foundry router routing-release < 0.163.0 and cf-release < 274 - Open Redirect
CVSS 6.1
CVE-2017-14525 MEDIUM
OpenText Documentum Webtop 6.8.0160.0073 - Open Redirect
CVSS 6.1
CVE-2017-14524 MEDIUM
OpenText Documentum Administrator 7.2.0180.0055 - Open Redirect
CVSS 6.1
CVE-2017-14725 MEDIUM
WordPress < 4.8.2 - Authenticated Open Redirect
CVSS 5.4
CVE-2017-1002150 MEDIUM
python-fedora <0.8.0 - Open Redirect
CVSS 6.1
CVE-2017-1450 MEDIUM
IBM Emptoris Sourcing 9.5-10.1.3 - Open Redirect
CVSS 6.1
CVE-2017-1449 MEDIUM
IBM Emptoris Sourcing 9.5-10.1.3 - Open Redirect
CVSS 5.4
CVE-2017-14038 MEDIUM
CrushFTP <7.8.0, <8.2.0 - Open Redirect
CVSS 6.1