CWE-601

Exploit likelihood: Low

URL Redirection to Untrusted Site ('Open Redirect')

Parent: CWE-610 - Externally Controlled Reference to a Resource in Another Sphere

The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.

1,532 vulnerabilities with CWE-601
CVE-2017-1159 MEDIUM
IBM Business Process Manager <8.5 - Open Redirect
CVSS 5.4
CVE-2017-2497 MEDIUM
Apple iPhone OS < 10.3.1 - Open Redirect
CVSS 6.1
CVE-2017-9062 HIGH
WordPress < 4.7.5 - Cross-Site Request Forgery via XML-RPC API
CVSS 8.6
CVE-2017-1156 HIGH
IBM WebSphere Portal <9.0 - Open Redirect
CVSS 8.8
CVE-2017-3528 MEDIUM
Oracle E-Business Suite 12.1.3-12.2.6 - RCE
CVSS 5.4
CVE-2017-6604 MEDIUM
Cisco Unified Computing System - Unauthenticated Open Redirect via Web Interface
CVSS 6.1
CVE-2017-3889 MEDIUM
Cisco Registered Envelope Service - Open Redirect
CVSS 6.1
CVE-2017-7234 MEDIUM
Django <1.10.7, <1.9.13, <1.8.18 - Open Redirect
CVSS 6.1
CVE-2017-7233 MEDIUM
Django <1.10.7-1.9.13-1.8.18 - Open Redirect
CVSS 6.1
CVE-2017-2404 LOW
iPhone OS < 10.3 - Unauthenticated Arbitrary Telephone Call via Quick Look PDF tel: URL
CVSS 3.3
CVE-2017-7266 MEDIUM
Netflix Security Monkey <0.8.0 - Open Redirect
CVSS 6.1
CVE-2017-5615 MEDIUM
cPanel cgiemail and cgiecho - HTTP Header Injection via Newline in Redirect Location
CVSS 6.1
CVE-2017-5614 MEDIUM
cPanel 11.54.0.0-11.54.0.35 - Open Redirect via cgiemail/cgiecho Success/Failure Parameter
CVSS 6.1
CVE-2017-5571 MEDIUM
FlexNet Publisher < 11.14.1 - Open Redirect via lmadmin Component
CVSS 6.1
CVE-2017-3840 MEDIUM
Cisco ACS <5.8(2.5) - Open Redirect
CVSS 6.1
CVE-2017-3810 MEDIUM
Cisco Prime Service Catalog <10.0_R2_tanggula - Open Redirect
CVSS 5.4
CVE-2017-3799 MEDIUM
Cisco WebEx Meeting Center - Open Redirect
CVSS 5.4
CVE-2017-5474 MEDIUM
Serendipity < 2.0.5 - Open Redirect via HTTP Referer Header
CVSS 6.1
CVE-2016-15030 LOW
Arno0x TwoFactorAuth - Open Redirect
CVSS 3.5
CVE-2016-1000107 MEDIUM
Erlang/OTP < 22.1 - HTTP Proxy Header Injection via HTTP_PROXY Environment Variable
CVSS 6.1
CVE-2016-1000108 MEDIUM
yaws < 2.0.4 - Open Redirect via HTTP_PROXY Environment Variable
CVSS 6.1
CVE-2016-1000110 MEDIUM
Python < 2.7.13 - Open Redirect via HTTP_PROXY Variable
CVSS 6.1
CVE-2016-6154 MEDIUM
Watchguard Fireware < 11.11 - Reflected Cross-Site Scripting and Open Redirect
CVSS 6.1
CVE-2016-10769 MEDIUM
cPanel 11.54.0.0-11.54.0.33 - Open Redirect via FormMail-clone.cgi
CVSS 6.1
CVE-2016-10742 MEDIUM
Zabbix < 2.2.21rc1, 3.x < 3.0.13rc1, 3.1.x-3.2.x < 3.2.10rc1, 3.3.x-3.4.x < 3.4.4rc1 - Open Redirect
CVSS 6.1