CWE-601

Exploit likelihood: Low

URL Redirection to Untrusted Site ('Open Redirect')

Parent: CWE-610 - Externally Controlled Reference to a Resource in Another Sphere

The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.

1,532 vulnerabilities with CWE-601
CVE-2016-9078 HIGH
Firefox < 50.0.1 - URL Redirection to Untrusted Site via Data URL Origin Assignment
CVSS 8.8
CVE-2016-0329 MEDIUM
IBM Emptoris Sourcing <10.0.0.1_iFix3, <10.0.1.3_iFix3, <10.0.2.8_i...
CVSS 5.4
CVE-2016-8949 MEDIUM
IBM Emptoris Supplier Lifecycle Management <10.2 - Open Redirect
CVSS 5.4
CVE-2016-8953 MEDIUM
IBM Emptoris Sourcing <10.1.x - Open Redirect
CVSS 5.4
CVE-2016-8947 MEDIUM
IBM Emptoris Sourcing <10.1.x - Open Redirect
CVSS 6.1
CVE-2016-10365 MEDIUM
Kibana < 4.6.3 and < 5.0.1 - Open Redirect via Crafted Link
CVSS 6.1
CVE-2016-7831 MEDIUM
Sleipnir < 4.5.3 - URL Spoofing via Crafted Webpage
CVSS 6.1
CVE-2016-4859 MEDIUM
Splunk < 6.4.2 - Open Redirect
CVSS 6.1
CVE-2016-4857 MEDIUM
Splunk Enterprise 6.2.x-6.4.x and Splunk Light < 6.4.2 - Open Redirect
CVSS 6.1
CVE-2016-9099 MEDIUM
Symantec ASG/ProxySG <6.7.2.1, 6.5.10.6 - Open Redirect
CVSS 6.1
CVE-2016-10368 MEDIUM
Opsview Monitor Pro - Open Redirect via Login Back Parameter
CVSS 6.1
CVE-2016-4075 MEDIUM
Opera Mini 13 & Opera Stable 36 - XSS
CVSS 6.1
CVE-2016-1213 MEDIUM
Cybozu Garoon < 4.2.1 - Open Redirect via Scheduler Function
CVSS 6.1
CVE-2016-0228 MEDIUM
IBM Marketing Platform 10.0 - Open Redirect
CVSS 5.4
CVE-2016-4334 MEDIUM
Jive < 2016.3.1 - Open Redirect via external-link.jspa
CVSS 6.1
CVE-2016-10316 MEDIUM
Jensenofscandinavia Al3g Firmware - Open Redirect
CVSS 6.1
CVE-2016-10315 MEDIUM
Jensenofscandinavia Al3g Firmware - Open Redirect
CVSS 6.1
CVE-2016-7137 MEDIUM
Plone 3.3.x-3.3.6 4.x-4.3.11 5.x-5.0.6 - Open Redirect via Referer or Came_From Parameter
CVSS 6.1
CVE-2016-8376 MEDIUM
Kabona AB WebDatorCentral <3.4.0 - Open Redirect
CVSS 6.1
CVE-2016-8961 MEDIUM
IBM BigFix Inventory v9 - Open Redirect
CVSS 6.1
CVE-2016-6020 MEDIUM
IBM Sterling B2B Integrator Standard Edition - Open Redirect
CVSS 6.1
CVE-2016-6908 MEDIUM
Opera Browser 37.0.2192.105088 for Android - URL Spoofing via RTL Unicode Character Handling
CVSS 6.1
CVE-2016-5715 MEDIUM
Puppet Enterprise <2016.4.0 - Open Redirect
CVSS 6.1
CVE-2016-6657 HIGH
Pivotal Cloud Foundry Elastic Runtime - Open Redirect
CVSS 7.4
CVE-2016-3174 HIGH
Open-Xchange AppSuite < 7.8.0 - Open Redirect via Defer Servlet
CVSS 7.4