CWE-601

Exploit likelihood: Low

URL Redirection to Untrusted Site ('Open Redirect')

Parent: CWE-610 - Externally Controlled Reference to a Resource in Another Sphere

The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.

1,532 vulnerabilities with CWE-601
CVE-2017-1195 MEDIUM
IBM Curam Social Program Management <7.0 - Open Redirect
CVSS 6.1
CVE-2017-1489 MEDIUM
IBM Security Access Manager 6.1-9.0 - Open Redirect via ECSSO Master Authentication
CVSS 6.1
CVE-2017-3085 HIGH
Adobe Flash Player < 26.0.0.137 - Security Bypass and Information Disclosure via URL Redirect
CVSS 7.4
CVE-2017-1448 MEDIUM
IBM Emptoris Strategic Supply Management 10.0.x-10.1.x - Open Redirect
CVSS 5.4
CVE-2017-12138 MEDIUM
XOOPS Core 2.5.8 - Stored Open Redirect via URL Filter Bypass
CVSS 6.1
CVE-2017-11725 MEDIUM
Thycotic Secret Server <10.2.000019 - CSRF
CVSS 5.4
CVE-2017-11718 MEDIUM
MetInfo <= 5.3.17 - Open Redirect via gourl Parameter
CVSS 6.1
CVE-2017-1287 MEDIUM
IBM Rhapsody Design Manager 5.0-6.0.3 - Open Redirect
CVSS 5.4
CVE-2017-11586 MEDIUM
dayrui FineCms 5.0.9 - Open Redirect
CVSS 6.1
CVE-2017-1223 MEDIUM
IBM BigFix Platform - Open Redirect via Crafted URL
CVSS 6.1
CVE-2017-1000070 MEDIUM
Bitly oauth2_proxy <2.1 - Open Redirect
CVSS 6.1
CVE-2017-1000027 MEDIUM
Koozali Foundation SME Server <10 - Open Redirect
CVSS 6.1
CVE-2017-1000013 MEDIUM
phpMyAdmin 4.0, 4.4, 4.6 - Open Redirect
CVSS 6.1
CVE-2017-8621 MEDIUM
Microsoft Exchange Server 2010 SP3, 2013 SP3, 2013 CU16, 2016 CU5 - Open Redirect
CVSS 6.1
CVE-2017-1398 MEDIUM
IBM WebSphere Commerce - Open Redirect
CVSS 6.1
CVE-2017-2217 MEDIUM
WordPress Download Manager <2.9.51 - Open Redirect
CVSS 6.1
CVE-2017-5002 MEDIUM
EMC RSA Archer <5.5.3.1 - Open Redirect
CVSS 6.1
CVE-2017-6018 MEDIUM
Bbraun Station Firmware - Open Redirect
CVSS 6.1
CVE-2017-8451 MEDIUM
Kibana < 5.3.0 and Elastic X-Pack Security < 5.3.1 - Open Redirect via Login Page
CVSS 6.1
CVE-2017-9464 MEDIUM
Piwigo < 2.9.0 - Open Redirect via identification.php Redirect Parameter
CVSS 6.1
CVE-2017-6670 MEDIUM
Cisco Unified Communications Domain Manager 8.1(7)ER1 - Unauthenticated Open Redirect
CVSS 6.1
CVE-2017-9297 MEDIUM
Hitachi Device Manager <8.5.2-01 - Open Redirect
CVSS 6.1
CVE-2017-9296 MEDIUM
Hitachi Device Manager < 8.5.2 - Open Redirect
CVSS 6.1
CVE-2017-7343 MEDIUM
Fortinet FortiPortal <4.0.0 - Open Redirect
CVSS 6.1
CVE-2017-3126 MEDIUM
Fortinet FortiAnalyzer and FortiManager 5.4.0-5.4.2 - Open Redirect via Next Parameter
CVSS 6.1