CWE-601

URL Redirection to Untrusted Site ('Open Redirect')

Abstraction: Base; Status: Draft; Likelihood: Low

Description

The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.

Hierarchy (View 1000)

Parents

Children

none

Related attack patterns (CAPEC)

CAPEC-178

CVEs mapped to this weakness (835)

page 1 of 42
  • CVE-2017-1000117 (High), Oct 5, 2017
    risk 0.66, cvss 8.8, epss 0.78

    A malicious third-party can give a crafted "ssh://..." URL to an unsuspecting victim, and an attempt to visit the URL can result in any program that exists on the victim's machine being executed. Such a URL could be placed in the .gitmodules file of a malicious project, and an…

  • CVE-2019-25282 (Critical), Jan 8, 2026
    risk 0.64, cvss 9.8, epss 0.00

    V-SOL GPON/EPON OLT Platform v2.03 contains an open redirect vulnerability in the script that allows attackers to manipulate the 'parent' GET parameter. Attackers can craft malicious links that redirect logged-in users to arbitrary websites by exploiting improper input…

  • CVE-2020-36912 (Critical), Jan 6, 2026
    risk 0.64, cvss 9.8, epss 0.00

    Plexus anblick Digital Signage Management 3.1.13 contains an open redirect vulnerability in the 'PantallaLogin' script that allows attackers to manipulate the 'pagina' GET parameter. Attackers can craft malicious links that redirect users to arbitrary websites by exploiting…

  • CVE-2025-43526 (Critical), Dec 17, 2025
    risk 0.64, cvss 9.8, epss 0.01

    This issue was addressed with improved URL validation. This issue is fixed in Safari 26.2, macOS Tahoe 26.2. On a Mac with Lockdown Mode enabled, web content opened via a file URL may be able to use Web APIs that should be restricted.

  • CVE-2025-55031 (Critical), Aug 19, 2025
    risk 0.64, cvss 9.8, epss 0.00

    Malicious pages could use Firefox for iOS to pass FIDO: links to the OS and trigger the hybrid passkey transport. An attacker within Bluetooth range could have used this to trick the user into using their passkey to log the attacker's computer into the target account. This…

  • CVE-2026-43941 (Critical), May 8, 2026
    risk 0.62, cvss 9.6, epss 0.00

    electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. In versions 3.8.15 and prior, Electerm's terminal hyperlink handler passes any URL clicked in the terminal directly to shell.openExternal without any protocol validation. An attacker who…

  • CVE-2026-6795 (Critical), May 7, 2026
    risk 0.62, cvss 9.6, epss 0.00

    URL redirection to untrusted site ('open redirect') vulnerability in DivvyDrive Information Technologies Inc. DivvyDrive allows Parameter Injection. This issue affects DivvyDrive: from 4.8.2.9 before 4.8.3.2.

  • CVE-2026-33102 (Critical), Apr 23, 2026
    risk 0.60, cvss 9.3, epss 0.00

    URL redirection to untrusted site ('open redirect') in M365 Copilot allows an unauthorized attacker to elevate privileges over a network.

  • CVE-2025-54145 (Critical), Aug 19, 2025
    risk 0.59, cvss 9.1, epss 0.00

    The QR scanner could allow arbitrary websites to be opened if a user was tricked into scanning a malicious link that leveraged Firefox's open-text URL scheme. This vulnerability was fixed in Firefox for iOS 141.

  • CVE-2017-8989 (Critical), Aug 6, 2018
    risk 0.59, cvss 9.1, epss 0.02

    A security vulnerability in HPE IceWall SSO Dfw 10.0 and 11.0 on RHEL, HP-UX, and Windows could be exploited remotely to allow URL Redirection.

  • CVE-2018-3774 (Critical), Aug 12, 2018
    risk 0.58, cvss 10.0, epss 0.04

    Incorrect parsing in url-parse <1.4.3 returns wrong hostname which leads to multiple vulnerabilities such as SSRF, Open Redirect, Bypass Authentication Protocol.

  • CVE-2017-11879 (High), Nov 15, 2017
    risk 0.58, cvss 8.8, epss 0.09

    ASP.NET Core 2.0 allows an attacker to steal log-in session information such as cookies or authentication tokens via a specially crafted URL aka "ASP.NET Core Elevation Of Privilege Vulnerability".

  • CVE-2026-23818 (High), Apr 7, 2026
    risk 0.57, cvss 8.8, epss 0.00

    A vulnerability has been identified in the graphical user interface (GUI) of HPE Aruba Networking Private 5G Core On-Prem that could allow an attacker to abuse an open redirect vulnerability in the login flow using a crafted URL. Successful exploitation may redirect an…

  • CVE-2025-62428 (High), Oct 16, 2025
    risk 0.57, cvss n/a, epss 0.00

    Drawing-Captcha APP provides interactive, engaging verification for Web-Based Applications. The vulnerability is a Host Header Injection in the /register and /confirm-email endpoints. It allows an attacker to manipulate the Host header in HTTP requests to generate malicious…

  • CVE-2024-51132 (Critical), Nov 5, 2024
    risk 0.57, cvss 9.8, epss 0.02

    An XML External Entity (XXE) vulnerability in HAPI FHIR before v6.4.0 allows attackers to access sensitive information or execute arbitrary code via supplying a crafted request containing malicious XML entities.

  • CVE-2024-45981 (High), Sep 26, 2024
    risk 0.57, cvss 8.8, epss 0.00

    A host header injection vulnerability in BookReviewLibrary 1.0 allows attackers to obtain the password reset token via user interaction with a crafted password reset link.

  • CVE-2024-45979 (High), Sep 26, 2024
    risk 0.57, cvss 8.8, epss 0.00

    A host header injection vulnerability in Lines Police CAD 1.0 allows attackers to obtain the password reset token via user interaction with a crafted password reset link. This allows attackers to arbitrarily reset other users' passwords and compromise their accounts.

  • CVE-2024-26504 (High), May 1, 2024
    risk 0.57, cvss 8.8, epss 0.00

    An issue in Wifire Hotspot v.4.5.3 allows a local attacker to execute arbitrary code via a crafted payload to the dst parameter.

  • CVE-2024-22243 (High), Feb 23, 2024
    risk 0.57, cvss 8.1, epss 0.04

    Applications that use UriComponentsBuilder to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on the host of the parsed URL may be vulnerable to an open redirect (https://cwe.mitre.org/data/definitions/601.html) attack or to a…

  • CVE-2016-9078 (High), Jun 11, 2018
    risk 0.57, cvss 8.8, epss 0.02

    Redirection from an HTTP connection to a "data:" URL assigns the referring site's origin to the "data:" URL in some circumstances. This can result in same-origin violations against a domain if it loads resources from malicious sites. Cross-origin setting of cookies has been…