VYPR

CWE-601

URL Redirection to Untrusted Site ('Open Redirect')

Likelihood of exploit: Low

Description

The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect. This simplifies phishing attacks: the link the victim sees points at a domain they trust, while the redirect delivers them to a site the attacker controls. The same flaw in a login or OAuth flow (a `next`, `callbackUrl` or `redirect_uri` parameter) can also hand the attacker authorization codes or tokens, which is why several of the mapped CVEs below are account takeovers rather than plain phishing.
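The check below is an added example, not code from any project or CVE on this page. It shows the two sides of the weakness for a `?next=` / `?callbackUrl=` / `?redirect_uri=` style parameter: a host check that parses the value and compares the parsed host (the pattern behind the UriComponentsBuilder entry below), and a stricter version that also refuses scheme-relative URLs, `javascript:` and other non-http schemes, credentials in the authority, and backslashes, which browsers treat as slashes but most server-side parsers do not. The origin, allowlist and default path are hypothetical.

```python
# Added example (not code from any project or CVE listed on this page):
# validating a ?next= / ?callbackUrl= / ?redirect_uri= style parameter so it
# cannot be abused as an open redirect. Origin and allowlist are hypothetical.
from urllib.parse import urlsplit, urljoin

APP_ORIGIN = "https://app.example"                      # assumed origin
ALLOWED_HOSTS = {"app.example", "sso.app.example"}      # assumed allowlist
DEFAULT_AFTER_LOGIN = "/dashboard"                      # safe fallback


def naive_host_check(target: str) -> bool:
    """The 'before': resolve the user value against the origin, parse it,
    and compare the parsed host with the allowlist.

    Bypassable: browsers treat a backslash like a forward slash, so
    '/\\evil.example/' navigates to //evil.example/, while urlsplit keeps
    it as a path on APP_ORIGIN and the host comparison passes.
    """
    resolved = urljoin(APP_ORIGIN, target)
    return urlsplit(resolved).hostname in ALLOWED_HOSTS


def is_safe_redirect(target: str) -> bool:
    """The 'after': accept only a same-origin path or an absolute http(s)
    URL whose host is on the allowlist, rejecting the usual bypasses."""
    if not target:
        return False
    # Control characters, whitespace and backslashes are where URL parsers
    # and browsers disagree; refuse them outright instead of normalising.
    if any(c <= " " or c == "\x7f" or c == "\\" for c in target):
        return False
    if target.startswith("/"):
        # A single leading slash is a path on this origin; a double slash
        # ("//evil.example") is a scheme-relative URL to another host.
        return not target.startswith("//")
    parsed = urlsplit(target)
    # Blocks javascript:, data:, vbscript: and scheme-less values.
    if parsed.scheme.lower() not in ("http", "https"):
        return False
    # "https://app.example@evil.example/" puts the trusted name in userinfo.
    if parsed.username is not None or parsed.password is not None:
        return False
    # hostname is already lower-cased; "https:/evil.example" yields None.
    host = parsed.hostname
    return host is not None and host in ALLOWED_HOSTS


def safe_redirect_target(target: str) -> str:
    """Value to put in the Location header: the validated target, or the
    fixed default when the supplied one fails validation."""
    return target if is_safe_redirect(target) else DEFAULT_AFTER_LOGIN


if __name__ == "__main__":
    # Constructed inputs (not taken from any advisory) covering the
    # patterns seen in the mapped CVEs: scheme-relative, backslash,
    # javascript:, userinfo and look-alike subdomain.
    for t in ["/settings", "https://sso.app.example/cb", "//evil.example/",
              "/\\evil.example/", "javascript:alert(1)",
              "https://app.example@evil.example/",
              "https://app.example.evil.example/"]:
        print(f"{t!r:40} naive={naive_host_check(t)!s:5} "
              f"safe={is_safe_redirect(t)}")
```

The backslash case is the one worth remembering: `naive_host_check` returns True for `/\evil.example/` because the server-side parser never sees a foreign host, yet a browser following the resulting `Location` header lands on `evil.example`. Rejecting characters on which parsers disagree is cheaper and safer than trying to reproduce every browser's normalisation.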

Hierarchy (View 1000)

Parents

Children

none

Related attack patterns (CAPEC)

CAPEC-178

CVEs mapped to this weakness (835)

page 2 of 42
  • CVE-2017-1156 (High), May 5, 2017
    risk 0.57, cvss 8.8, epss 0.01

    IBM WebSphere Portal 8.5 and 9.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a…

  • CVE-2016-5385 (High), Jul 19, 2016
    risk 0.57, cvss 8.1, epss 0.50

    PHP through 7.0.8 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an…

  • CVE-2024-8527 (High), Nov 19, 2025
    risk 0.56, cvss not listed, epss 0.00

    Open Redirect in URL parameter in Automated Logic WebCTRL and Carrier i-Vu versions 6.0, 6.5, 7.0, 8.0, 8.5, 9.0 may allow attackers to exploit user sessions.

  • CVE-2026-34931 (Critical), Apr 2, 2026
    risk 0.55, cvss 9.6, epss 0.00

    hoppscotch is an open source API development ecosystem. Prior to version 2026.3.0, there is an open redirect vulnerability that leads to token exfiltration. With these tokens, the attacker can sign in as the victim to takeover their account. This issue has been patched in…

  • CVE-2024-22262 (High), Apr 16, 2024
    risk 0.54, cvss 8.1, epss 0.01

    Applications that use UriComponentsBuilder to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on the host of the parsed URL may be vulnerable to an open redirect (https://cwe.mitre.org/data/definitions/601.html) attack or to a…

  • CVE-2018-1251 (High), Sep 28, 2018
    risk 0.54, cvss 8.3, epss 0.02

    Dell EMC Unity and UnityVSA versions prior to 4.3.1.1525703027 contains a URL Redirection vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to redirect Unity users to arbitrary web URLs by tricking the victim user to click on a…

  • CVE-2025-62716 (High), Oct 24, 2025
    risk 0.53, cvss 8.1, epss 0.00

    Plane is open-source project management software. Prior to version 1.1.0, an open redirect vulnerability in the ?next_path query parameter allows attackers to supply arbitrary schemes (e.g., javascript:) that are passed directly to router.push. This results in a cross-site…

  • CVE-2025-4123 (High), May 22, 2025
    risk 0.53, cvss 7.6, epss 0.98

    A cross-site scripting (XSS) vulnerability exists in Grafana caused by combining a client path traversal and open redirect. This allows attackers to redirect users to a website that hosts a frontend plugin that will execute arbitrary JavaScript. This vulnerability does not…

  • CVE-2025-24180 (High), Mar 31, 2025
    risk 0.53, cvss 8.1, epss 0.01

    The issue was addressed with improved input validation. This issue is fixed in Safari 18.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, visionOS 2.4, watchOS 11.4. A malicious website may be able to claim WebAuthn credentials from another website that shares a registrable…

  • CVE-2025-24876 (High), Feb 11, 2025
    risk 0.53, cvss 8.1, epss 0.00

    The SAP Approuter Node.js package version v16.7.1 and before is vulnerable to Authentication bypass. When trading an authorization code an attacker can steal the session of the victim by injecting malicious payload causing High impact on confidentiality and integrity of the…

  • CVE-2026-33510 (High), Apr 6, 2026
    risk 0.50, cvss 8.8, epss 0.00

    Homarr is an open-source dashboard. Prior to 1.57.0, a DOM-based Cross-Site Scripting (XSS) vulnerability has been discovered in Homarr's /auth/login page. The application improperly trusts a URL parameter (callbackUrl), which is passed to redirect and router.push. An attacker…

  • CVE-2026-33506 (High), Mar 26, 2026
    risk 0.50, cvss 8.8, epss 0.00

    Ory Polis, formerly known as BoxyHQ Jackson, bridges or proxies a SAML login flow to OAuth 2.0 or OpenID Connect. Versions prior to 26.2.0 contain a DOM-based Cross-Site Scripting (XSS) vulnerability in Ory Polis's login functionality. The application improperly trusts a URL…

  • CVE-2018-25245 (High), Apr 4, 2026
    risk 0.49, cvss 7.5, epss 0.00

    7 Tik 1.0.1.0 contains a denial of service vulnerability that allows attackers to crash the application by submitting excessively long input strings to the search functionality. Attackers can paste a buffer of 7700 characters into the search bar to trigger an application crash.

  • CVE-2024-55017 (High), Sep 30, 2025
    risk 0.49, cvss 7.5, epss 0.00

    Account Takeover in Corezoid 6.6.0 in the OAuth2 implementation via an open redirect in the redirect_uri parameter allows attackers to intercept authorization codes and gain unauthorized access to victim accounts.

  • CVE-2021-4348 (High), Jun 7, 2023
    risk 0.49, cvss 7.5, epss 0.01

    The Ultimate GDPR & CCPA plugin for WordPress is vulnerable to unauthenticated settings import and export via the export_settings & import_settings functions in versions up to, and including, 2.4. This makes it possible for unauthenticated attackers to change plugin settings and…

  • CVE-2017-9062 (High), May 18, 2017
    risk 0.49, cvss 8.6, epss 0.02

    In WordPress before 4.7.5, there is improper handling of post meta data values in the XML-RPC API.

  • CVE-2026-40171 (High), May 6, 2026
    risk 0.48, cvss not listed, epss 0.00

    In Jupyter Notebook versions 7.0.0 through 7.5.5, JupyterLab versions 4.5.6 and earlier, and the corresponding @jupyter-notebook/help-extension and @jupyterlab/help-extension packages before 7.5.6 and 4.5.7, a stored cross-site scripting issue in the help command linker can be…

  • CVE-2018-1736 (High), Sep 27, 2018
    risk 0.48, cvss 7.4, epss 0.02

    IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to…

  • CVE-2017-3085 (High), Aug 11, 2017
    risk 0.48, cvss 7.4, epss 0.04

    Adobe Flash Player versions 26.0.0.137 and earlier have a security bypass vulnerability that leads to information disclosure when performing URL redirect.

  • CVE-2016-6657 (High), Dec 16, 2016
    risk 0.48, cvss 7.4, epss 0.01

    An open redirect vulnerability has been detected with some Pivotal Cloud Foundry Elastic Runtime components. Users of affected versions should apply the following mitigation: Upgrade PCF Elastic Runtime 1.8.x versions to 1.8.12 or later. Upgrade PCF Ops Manager 1.7.x versions to…