CWE-601

URL Redirection to Untrusted Site ('Open Redirect')

BaseDraftLikelihood: Low

Description

The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.

Hierarchy (View 1000)

Parents

Children

none

Related attack patterns (CAPEC)

CAPEC-178

CVEs mapped to this weakness (835)

page 16 of 42
  • CVE-2022-31193 (High, Aug 1, 2022)
    risk 0.39, CVSS 7.1, EPSS 0.01

    DSpace open source software is a repository application which provides durable access to digital resources. dspace-jspui is a UI component for DSpace. The JSPUI controlled vocabulary servlet is vulnerable to an open redirect attack, where an attacker can craft a malicious URL…

  • CVE-2020-11053 (High, May 7, 2020)
    risk 0.39, CVSS 7.1, EPSS 0.01

    In OAuth2 Proxy before 5.1.1, there is an open redirect vulnerability. Users can provide a redirect address for the proxy to send the authenticated user to at the end of the authentication flow. This is expected to be the original URL that the user was trying to access. This…

  • CVE-2019-11269 (Medium, Jun 12, 2019)
    risk 0.39, CVSS 5.4, EPSS 0.09

    Spring Security OAuth versions 2.3 prior to 2.3.6, 2.2 prior to 2.2.5, 2.1 prior to 2.1.5, and 2.0 prior to 2.0.18, as well as older unsupported versions could be susceptible to an open redirector attack that can leak an authorization code. A malicious user or attacker can craft…

  • CVE-2017-3528 (Medium, Apr 24, 2017)
    risk 0.39, CVSS 5.4, EPSS 0.15

    Vulnerability in the Oracle Applications Framework component of Oracle E-Business Suite (subcomponent: Popup windows (lists of values, datepicker, etc.)). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily "exploitable" vulnerability…

  • CVE-2026-55660 (High, Jun 19, 2026)
    risk 0.38, CVSS not given, EPSS not given

    TinaCMS registers window message listeners — the useTina overlay handler, the OAuth authentication popup handler, and the admin↔preview iframe GraphQL reducer — that act on event.data without verifying event.origin or event.source, and post messages using non-specific…

  • CVE-2026-40299 (Medium, Apr 17, 2026)
    risk 0.38, CVSS not given, EPSS 0.00

    next-intl provides internationalization for Next.js. Applications using the `next-intl` middleware prior to version 4.9.1 with `localePrefix: 'as-needed'` could construct URLs where path handling and the WHATWG URL parser resolved a relative redirect target to another host (e.g.…

  • CVE-2026-27738 (Medium, Feb 25, 2026)
    risk 0.38, CVSS not given, EPSS 0.00

    Angular SSR is a server-side rendering tool for Angular applications. An Open Redirect vulnerability exists in the internal URL processing logic in versions on the 19.x branch prior to 19.2.21, the 20.x branch prior to 20.3.17, and the 21.x branch prior to 21.1.5 and…

  • CVE-2024-8526 (Medium, Nov 21, 2024)
    risk 0.38, CVSS not given, EPSS 0.01

    A vulnerability in Automated Logic WebCTRL 7.0 could allow an attacker to send a maliciously crafted URL, which when visited by an authenticated WebCTRL user, could result in the redirection of the user to a malicious webpage via "index.jsp"

  • CVE-2021-28125 (Medium, Apr 27, 2021)
    risk 0.38, CVSS 6.1, EPSS 0.64

    Apache Superset up to and including 1.0.1 allowed for the creation of an external URL that could be malicious. By not checking user input for open redirects the URL shortener functionality would allow for a malicious user to create a short URL for a dashboard that could convince…

  • CVE-2026-53523 (Medium, Jun 12, 2026)
    risk 0.37, CVSS 6.8, EPSS 0.00

    Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 1.0.0 to before version 2.2.0, the getRedirectURL function in oauth2.go:22-29 constructs the OAuth2 callback URL by concatenating the request's Host header with a fixed…

  • CVE-2022-1058 (Medium, Mar 24, 2022)
    risk 0.37, CVSS 6.1, EPSS 0.53

    Open Redirect on login in GitHub repository go-gitea/gitea prior to 1.16.5.

  • CVE-2022-21651 (Medium, Jan 5, 2022)
    risk 0.37, CVSS 6.8, EPSS 0.01

    Shopware is an open source e-commerce software platform. An open redirect vulnerability has been discovered. Users may be arbitrarily redirected due to incomplete URL handling in the Shopware router. This issue has been resolved in version 5.7.7. There is no workaround and users…

  • CVE-2021-29456 (Medium, Apr 21, 2021)
    risk 0.37, CVSS 5.7, EPSS 0.01

    Authelia is an open-source authentication and authorization server providing 2-factor authentication and single sign-on (SSO) for your applications via a web portal. In versions 4.27.4 and earlier, utilizing an HTTP query parameter an attacker is able to redirect users from the…

  • CVE-2025-0608 (Medium, Oct 6, 2025)
    risk 0.36, CVSS 5.5, EPSS 0.00

    URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Logo Software Inc. Logo Cloud allows Phishing, Forceful Browsing. This issue affects Logo Cloud: before 2025.R6.

  • CVE-2026-48856 (Medium, Jun 10, 2026)
    risk 0.35, CVSS 6.5, EPSS 0.00

    Sensitive Data Exposure vulnerability in Erlang OTP inets (httpc_response module) allows Retrieve Embedded Sensitive Data. The httpc client forwards the Authorization and Proxy-Authorization request headers to redirect targets without checking whether the redirect crosses an…

  • CVE-2026-48589 (Medium, May 25, 2026)
    risk 0.35, CVSS 5.4, EPSS 0.00

    Apache Shiro's Jakarta EE module used the HTTP Referer header in certain cases to issue a redirect after a user login. In affected versions, insufficient validation of this client-controlled value could allow an attacker to influence the redirect target in applications using the…

  • CVE-2026-44598 (Medium, May 25, 2026)
    risk 0.35, CVSS 5.4, EPSS 0.00

    With valid login credentials, URL Redirection to Untrusted Site ('Open Redirect'), Server-Side Request Forgery (SSRF) vulnerability in Apache Shiro. This issue affects Apache Shiro from 2.0-alpha to 2.1.0, and 3.0.0-alpha-1, only when using shiro-jakarta-ee integration…

  • CVE-2026-40037 (Medium, Apr 8, 2026)
    risk 0.35, CVSS 6.5, EPSS 0.00

    OpenClaw before 2026.3.31 (patched in 2026.4.8) contains a request body replay vulnerability in fetchWithSsrFGuard that allows unsafe request bodies to be resent across cross-origin redirects. Attackers can exploit this by triggering redirects to exfiltrate sensitive request…

  • CVE-2025-1885 (Medium, Dec 19, 2025)
    risk 0.35, CVSS 5.4, EPSS 0.00

    URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Restajet Information Technologies Inc. Online Food Delivery System allows Phishing, Forceful Browsing. This issue affects Online Food Delivery System: through 19122025. NOTE: The vendor was contacted early…

  • CVE-2025-54144 (Medium, Aug 19, 2025)
    risk 0.35, CVSS 5.4, EPSS 0.00

    The URL scheme used by Firefox to facilitate searching of text queries could incorrectly allow attackers to open arbitrary website URLs or internal pages if a user was tricked into clicking a link. This vulnerability was fixed in Firefox for iOS 141.