CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
Description
The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.
Hierarchy (View 1000)
Parents
Children
none
Related attack patterns (CAPEC)
CAPEC-178
CVEs mapped to this weakness (835)
page 15 of 42| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-10315 | Med | 0.40 | 6.1 | 0.01 | Apr 3, 2017 | Jensen of Scandinavia AS Air:Link 3G (AL3G) version 2.23m (Rev. 3), Air:Link 5000AC (AL5000AC) version 1.13, and Air:Link 59300 (AL59300) version 1.04 (Rev. 4) devices allow remote attackers to conduct Open Redirect attacks via the submit-url parameter to certain /goform/* pages. | ||
| CVE-2016-7137 | Med | 0.40 | 6.1 | 0.02 | Mar 7, 2017 | Multiple open redirect vulnerabilities in Plone CMS 5.x through 5.0.6, 4.x through 4.3.11, and 3.3.x through 3.3.6 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the referer parameter to (1)… | ||
| CVE-2017-5615 | Med | 0.40 | 6.1 | 0.01 | Mar 3, 2017 | cgiemail and cgiecho allow remote attackers to inject HTTP headers via a newline character in the redirect location. | ||
| CVE-2017-5614 | Med | 0.40 | 6.1 | 0.01 | Mar 3, 2017 | Open redirect vulnerability in cgiemail and cgiecho allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via vectors involving the (1) success or (2) failure parameter. | ||
| CVE-2017-5571 | Med | 0.40 | 6.1 | 0.02 | Mar 3, 2017 | Open redirect vulnerability in the lmadmin component in Flexera FlexNet Publisher (aka Flex License Manager) 11.14.1 and earlier, as used in Citrix License Server for Windows and the Citrix License Server VPX, allows remote attackers to redirect users to arbitrary web sites and… | ||
| CVE-2017-3840 | Med | 0.40 | 6.1 | 0.02 | Feb 22, 2017 | A vulnerability in the web interface of the Cisco Secure Access Control System (ACS) could allow an unauthenticated, remote attacker to redirect a user to a malicious web page, aka an Open Redirect Vulnerability. More Information: CSCvc04849. Known Affected Releases: 5.8(2.5). | ||
| CVE-2016-8376 | Med | 0.40 | 6.1 | 0.01 | Feb 13, 2017 | An issue was discovered in Kabona AB WebDatorCentral (WDC) application prior to Version 3.4.0. This non-validated redirect/non-validated forward (OPEN REDIRECT) allows chaining with authenticated vulnerabilities. | ||
| CVE-2016-8961 | Med | 0.40 | 6.1 | 0.01 | Feb 1, 2017 | IBM BigFix Inventory v9 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a… | ||
| CVE-2016-6020 | Med | 0.40 | 6.1 | 0.01 | Feb 1, 2017 | IBM Sterling B2B Integrator Standard Edition could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to… | ||
| CVE-2016-6908 | Med | 0.40 | 6.1 | 0.01 | Jan 26, 2017 | Characters from languages are such as Arabic, Hebrew are displayed from RTL (Right To Left) order in Opera 37.0.2192.105088 for Android, due to mishandling of several unicode characters such as U+FE70, U+0622, U+0623 etc and how they are rendered combined with (first strong… | ||
| CVE-2017-5474 | Med | 0.40 | 6.1 | 0.01 | Jan 14, 2017 | Open redirect vulnerability in comment.php in Serendipity through 2.0.5 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the HTTP Referer header. | ||
| CVE-2016-5715 | Med | 0.40 | 6.1 | 0.01 | Jan 12, 2017 | Open redirect vulnerability in the Console in Puppet Enterprise 2015.x and 2016.x before 2016.4.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a // (slash slash) followed by a domain in the redirect parameter. NOTE: this… | ||
| CVE-2015-6501 | Med | 0.40 | 6.1 | 0.01 | Jan 12, 2017 | Open redirect vulnerability in the Console in Puppet Enterprise before 2015.2.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the string parameter. | ||
| CVE-2008-2951 | Med | 0.40 | 6.1 | 0.02 | Jul 27, 2008 | Open redirect vulnerability in the search script in Trac before 0.10.5 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the q parameter, possibly related to the quickjump function. | ||
| CVE-2008-2052 | Med | 0.40 | 6.1 | 0.02 | May 2, 2008 | Open redirect vulnerability in redirect.php in Bitrix Site Manager 6.5 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the goto parameter. | ||
| CVE-2026-45037 | Hig | 0.39 | 7.1 | 0.00 | May 15, 2026 | Tabby (formerly Terminus) is a highly configurable terminal emulator. Prior to 1.0.232, Tabby's terminal linkifier passes any detected URI directly to the operating system's protocol handler without validating the protocol scheme. This allows a malicious SSH or Telnet server to… | ||
| CVE-2026-44503 | Hig | 0.39 | — | 0.01 | May 14, 2026 | The RedirectHandler middleware in microsoft/kiota-java (com.microsoft.kiota:microsoft-kiota-http-okHttp v1.9.0) and other Kiota libraries fails to strip sensitive HTTP headers when following 3xx redirects to a different host or scheme. Only the Authorization header is removed;… | ||
| CVE-2025-6242 | Hig | 0.39 | 7.1 | 0.00 | Oct 7, 2025 | A Server-Side Request Forgery (SSRF) vulnerability exists in the MediaConnector class within the vLLM project's multimodal feature set. The load_from_url and load_from_url_async methods fetch and process media from user-provided URLs without adequate restrictions on the target… | ||
| CVE-2023-6717 | Med | 0.39 | 6.0 | 0.01 | Apr 25, 2024 | A flaw was found in the SAML client registration in Keycloak that could allow an administrator to register malicious JavaScript URIs as Assertion Consumer Service POST Binding URLs (ACS), posing a Cross-Site Scripting (XSS) risk. This issue may allow a malicious admin in one… | ||
| CVE-2022-45402 | Med | 0.39 | 6.1 | 0.82 | Nov 15, 2022 | In Apache Airflow versions prior to 2.4.3, there was an open redirect in the webserver's `/login` endpoint. |
- risk 0.40cvss 6.1epss 0.01
Jensen of Scandinavia AS Air:Link 3G (AL3G) version 2.23m (Rev. 3), Air:Link 5000AC (AL5000AC) version 1.13, and Air:Link 59300 (AL59300) version 1.04 (Rev. 4) devices allow remote attackers to conduct Open Redirect attacks via the submit-url parameter to certain /goform/* pages.
- risk 0.40cvss 6.1epss 0.02
Multiple open redirect vulnerabilities in Plone CMS 5.x through 5.0.6, 4.x through 4.3.11, and 3.3.x through 3.3.6 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the referer parameter to (1)…
- risk 0.40cvss 6.1epss 0.01
cgiemail and cgiecho allow remote attackers to inject HTTP headers via a newline character in the redirect location.
- risk 0.40cvss 6.1epss 0.01
Open redirect vulnerability in cgiemail and cgiecho allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via vectors involving the (1) success or (2) failure parameter.
- risk 0.40cvss 6.1epss 0.02
Open redirect vulnerability in the lmadmin component in Flexera FlexNet Publisher (aka Flex License Manager) 11.14.1 and earlier, as used in Citrix License Server for Windows and the Citrix License Server VPX, allows remote attackers to redirect users to arbitrary web sites and…
- risk 0.40cvss 6.1epss 0.02
A vulnerability in the web interface of the Cisco Secure Access Control System (ACS) could allow an unauthenticated, remote attacker to redirect a user to a malicious web page, aka an Open Redirect Vulnerability. More Information: CSCvc04849. Known Affected Releases: 5.8(2.5).
- risk 0.40cvss 6.1epss 0.01
An issue was discovered in Kabona AB WebDatorCentral (WDC) application prior to Version 3.4.0. This non-validated redirect/non-validated forward (OPEN REDIRECT) allows chaining with authenticated vulnerabilities.
- risk 0.40cvss 6.1epss 0.01
IBM BigFix Inventory v9 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a…
- risk 0.40cvss 6.1epss 0.01
IBM Sterling B2B Integrator Standard Edition could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to…
- risk 0.40cvss 6.1epss 0.01
Characters from languages are such as Arabic, Hebrew are displayed from RTL (Right To Left) order in Opera 37.0.2192.105088 for Android, due to mishandling of several unicode characters such as U+FE70, U+0622, U+0623 etc and how they are rendered combined with (first strong…
- risk 0.40cvss 6.1epss 0.01
Open redirect vulnerability in comment.php in Serendipity through 2.0.5 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the HTTP Referer header.
- risk 0.40cvss 6.1epss 0.01
Open redirect vulnerability in the Console in Puppet Enterprise 2015.x and 2016.x before 2016.4.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a // (slash slash) followed by a domain in the redirect parameter. NOTE: this…
- risk 0.40cvss 6.1epss 0.01
Open redirect vulnerability in the Console in Puppet Enterprise before 2015.2.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the string parameter.
- risk 0.40cvss 6.1epss 0.02
Open redirect vulnerability in the search script in Trac before 0.10.5 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the q parameter, possibly related to the quickjump function.
- risk 0.40cvss 6.1epss 0.02
Open redirect vulnerability in redirect.php in Bitrix Site Manager 6.5 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the goto parameter.
- risk 0.39cvss 7.1epss 0.00
Tabby (formerly Terminus) is a highly configurable terminal emulator. Prior to 1.0.232, Tabby's terminal linkifier passes any detected URI directly to the operating system's protocol handler without validating the protocol scheme. This allows a malicious SSH or Telnet server to…
- risk 0.39cvss —epss 0.01
The RedirectHandler middleware in microsoft/kiota-java (com.microsoft.kiota:microsoft-kiota-http-okHttp v1.9.0) and other Kiota libraries fails to strip sensitive HTTP headers when following 3xx redirects to a different host or scheme. Only the Authorization header is removed;…
- risk 0.39cvss 7.1epss 0.00
A Server-Side Request Forgery (SSRF) vulnerability exists in the MediaConnector class within the vLLM project's multimodal feature set. The load_from_url and load_from_url_async methods fetch and process media from user-provided URLs without adequate restrictions on the target…
- risk 0.39cvss 6.0epss 0.01
A flaw was found in the SAML client registration in Keycloak that could allow an administrator to register malicious JavaScript URIs as Assertion Consumer Service POST Binding URLs (ACS), posing a Cross-Site Scripting (XSS) risk. This issue may allow a malicious admin in one…
- risk 0.39cvss 6.1epss 0.82
In Apache Airflow versions prior to 2.4.3, there was an open redirect in the webserver's `/login` endpoint.