CWE-601

Low likelihood

URL Redirection to Untrusted Site ('Open Redirect')

Parent: CWE-610 - Externally Controlled Reference to a Resource in Another Sphere

The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.

1,532 vulnerabilities with CWE-601
CVE-2015-3880 MEDIUM
phpBB <3.0.14, <3.1.4 - Open Redirect
CVSS 6.1
CVE-2015-2750 MEDIUM
Drupal 6.x < 6.35 and 7.x < 7.35 - Open Redirect via URL API Functions
CVSS 6.1
CVE-2015-2749 MEDIUM
Drupal 6.x < 6.35 and 7.x < 7.35 - Open Redirect via Destination Parameter
CVSS 6.1
CVE-2015-5054 MEDIUM
Ellucian Banner Student - Open Redirect
CVSS 6.1
CVE-2015-3190 MEDIUM
Cloud Foundry <v209 - Open Redirect
CVSS 6.1
CVE-2015-5241 MEDIUM
Apache jUDDI 3.1.2-3.1.5 - Open Redirect
CVSS 6.1
CVE-2015-4070 MEDIUM
Wow Moodboard Lite 1.1.1.1 - Open Redirect via URL Parameter
CVSS 6.1
CVE-2015-9058 MEDIUM
Proxmox Mail Gateway < 4.0-4/b38fc5d9 - Open Redirect via Destination Parameter
CVSS 6.1
CVE-2015-6501 MEDIUM
Puppet Enterprise < 2015.2.0 - Open Redirect via String Parameter
CVSS 6.1
CVE-2015-5354
Novius OS 5.0.1 - Open Redirect via Login Redirect Parameter
CVE-2015-0697
Cisco TelePresence TC Software < 6.3-26 and 7.x < 7.3.0 - Open Redirect via Login Page
CVE-2014-9617 MEDIUM
Netsweeper < 4.0.5 - Open Redirect via remotereporter/load_logfiles.php URL Parameter
CVSS 6.1
CVE-2014-3652 MEDIUM
Keycloak < 1.1.0.Beta1 - Open Redirect via Unvalidated Redirect URL
CVSS 6.1
CVE-2014-2213 MEDIUM
POSH 3.0-3.2.1 - Open Redirect via Password Reset Redirect Parameter
CVSS 6.1
CVE-2013-2621 MEDIUM
Telaen < 1.3.1 - Open Redirect via redir.php URL Parameter
CVSS 6.1
CVE-2013-2764 MEDIUM
Secure Entry Server <4.7.0 - Open Redirect
CVSS 6.1
CVE-2013-0594 MEDIUM
IBM iNotes - Open Redirect
CVSS 6.1
CVE-2012-0518 MEDIUM KEV
Oracle Application Server <10.1.4.3.0 - Open Redirect
CVSS 4.7
CVE-2011-1594 MEDIUM
Red Hat Network Satellite - Open Redirect via URL Bounce Parameter
CVSS 6.5
CVE-2010-4266 MEDIUM
vanilla_forums < 2.0.10 - Open Redirect via Dispatcher
CVSS 6.1
CVE-2010-2471 MEDIUM
Drupal 5.x-6.x - Open Redirect
CVSS 6.1
CVE-2010-3669 MEDIUM
TYPO3 4.2.0-4.2.12 - Cross-Site Scripting and Open Redirect in Frontend Login Box
CVSS 5.4
CVE-2010-3661 MEDIUM
TYPO3 < 4.1.14, 4.2.x < 4.2.13, 4.3.x < 4.3.4, 4.4.x < 4.4.1 - Open Redirect in Backend
CVSS 6.1
CVE-2009-3832
Opera < 10.01 - Address Field Spoofing via Web Fonts
CVE-2008-1547
Microsoft Outlook Web Access <6.5.7638 - Open Redirect