VYPR

CWE-601

URL Redirection to Untrusted Site ('Open Redirect')

Abstraction: Base | Status: Draft | Likelihood of Exploit: Low

Description

The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.
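The pattern the description names, shown as an added example that is not part of this page or of any project listed on it: a `next`-style redirect target validated against a fixed host allow-list before it is used in a Location header. The allow-list, the scheme list, the host `app.example.com` and the function names are assumptions for illustration, and the sample inputs at the bottom are constructed. The validator handles the inputs the entries on this page describe: scheme-relative and triple-slash URLs, Chrome's treatment of backslash as slash, numeric URLs of the kind the Django `is_safe_url()` entry refers to, an allow-list that does not depend on the Host header (the Security Monkey entry), and a `javascript:` scheme (the FOSSBilling scheme-validation entry).

```python
import re
import unicodedata
from urllib.parse import urlparse

# Hypothetical application settings. The allow-list must come from
# configuration, not from the request's Host header, or an attacker who
# controls that header controls the check as well.
ALLOWED_HOSTS = frozenset({"app.example.com"})
ALLOWED_SCHEMES = frozenset({"http", "https"})
DEFAULT_TARGET = "/"

# RFC 3986 scheme syntax. Browsers decide "does this URL have a scheme?" by
# this rule, so the check must too (see the note in _form_is_safe).
_SCHEME_RE = re.compile(r"^([A-Za-z][A-Za-z0-9+.\-]*):")
# Browsers silently drop ASCII tab and newline anywhere in a URL.
_ASCII_TAB_OR_NEWLINE = re.compile(r"[\t\r\n]")


def _form_is_safe(url, allowed_hosts, allowed_schemes):
    """Check one spelling of the URL; is_safe_redirect() calls this twice."""
    if url.startswith("///"):
        # Browsers resolve "///evil.example" as "http://evil.example/",
        # whereas urlparse() reports no host at all.
        return False
    if unicodedata.category(url[0])[0] == "C":
        # Leading control characters are ignored by some browsers and can
        # turn what looks like a path into a scheme-relative URL.
        return False
    try:
        parts = urlparse(url)
    except ValueError:  # e.g. malformed IPv6 literals
        return False
    # Take the scheme from the RFC 3986 rule rather than trusting urlparse():
    # Python before 3.9 parses "http:1234" as a scheme-less path because the
    # remainder looks like a port number, while a browser treats it as an
    # absolute URL to host "1234". That is the numeric-URL blind spot the
    # Django entry on this page refers to.
    match = _SCHEME_RE.match(url)
    scheme = (match.group(1).lower() if match else "") or parts.scheme.lower()
    if scheme and not parts.netloc:
        # Covers "http:1234", "http:///evil.example" and "javascript:...".
        return False
    if not scheme and parts.netloc:
        scheme = "http"  # "//host/path" is scheme-relative, hence absolute
    # Compare the whole authority (userinfo, host, port) against the allow-list
    # so "https://app.example.com@evil.example/" does not pass as app.example.com.
    host_ok = not parts.netloc or parts.netloc.lower() in allowed_hosts
    scheme_ok = not scheme or scheme in allowed_schemes
    return host_ok and scheme_ok


def is_safe_redirect(url, allowed_hosts=ALLOWED_HOSTS, allowed_schemes=ALLOWED_SCHEMES):
    """True only if `url` can be emitted as a Location header without sending
    the browser to a host outside allowed_hosts."""
    if not url:
        return False
    url = _ASCII_TAB_OR_NEWLINE.sub("", url).strip()
    if not url:
        return False
    # Chrome treats "\" as "/" in paths, so "/\evil.example" becomes
    # "//evil.example". Both spellings must be safe.
    return (_form_is_safe(url, allowed_hosts, allowed_schemes)
            and _form_is_safe(url.replace("\\", "/"), allowed_hosts, allowed_schemes))


def redirect_target_vulnerable(next_param):
    """The CWE-601 pattern: the client-supplied value becomes the Location
    header unchecked. Deliberately left vulnerable for contrast."""
    return next_param or DEFAULT_TARGET


def redirect_target_hardened(next_param):
    """Fall back to a fixed in-app page whenever the supplied target is unsafe."""
    return next_param if is_safe_redirect(next_param) else DEFAULT_TARGET


if __name__ == "__main__":
    # Constructed inputs covering the tricks the listed CVEs describe.
    samples = [
        "/account/settings",
        "https://app.example.com/login",
        "https://evil.example/",
        "//evil.example/",
        "///evil.example",
        "/\\evil.example",
        "javascript:alert(1)",
        "http:1234",
        "java\tscript:alert(1)",
        "https://app.example.com@evil.example/",
        "\x00//evil.example",
    ]
    for s in samples:
        print(f"{s!r:45} safe={is_safe_redirect(s)!s:5} "
              f"vulnerable->{redirect_target_vulnerable(s)!r} "
              f"hardened->{redirect_target_hardened(s)!r}")
```

Two design points worth noting. The check rejects any URL that has a scheme but no authority instead of trying to enumerate dangerous schemes, which is what closes the numeric-URL and `http:///host` cases at once. And when validation fails the handler substitutes a fixed in-app target rather than echoing the rejected value, so the rejected string is never reflected into the response.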

Hierarchy (View 1000)

Parents

Children

none

Related attack patterns (CAPEC)

CAPEC-178

CVEs mapped to this weakness (835)

page 24 of 42
  • CVE-2015-3880 | Med | Sep 19, 2017
    risk 0.33 | cvss 6.1 | epss 0.02

    Open redirect vulnerability in phpBB before 3.0.14 and 3.1.x before 3.1.4 allows remote attackers to redirect users of Google Chrome to arbitrary web sites and conduct phishing attacks via unspecified vectors.

  • CVE-2017-1002150 | Med | Sep 14, 2017
    risk 0.33 | cvss 6.1 | epss 0.01

    python-fedora 0.8.0 and lower is vulnerable to an open redirect resulting in loss of CSRF protection.

  • CVE-2015-2749 | Med | Sep 13, 2017
    risk 0.33 | cvss 6.1 | epss 0.01

    Open redirect vulnerability in Drupal 6.x before 6.35 and 7.x before 7.35 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the destination parameter.

  • CVE-2017-1000070 | Med | Jul 17, 2017
    risk 0.33 | cvss 6.1 | epss 0.01

    The Bitly oauth2_proxy in version 2.1 and earlier was affected by an open redirect vulnerability during the start and termination of the 2-legged OAuth flow. This issue was caused by improper input validation and a violation of RFC-6819.

  • CVE-2017-7234 | Med | Apr 4, 2017
    risk 0.33 | cvss 6.1 | epss 0.02

    A maliciously crafted URL to a Django (1.10 before 1.10.7, 1.9 before 1.9.13, and 1.8 before 1.8.18) site using the ``django.views.static.serve()`` view could redirect to any other domain, aka an open redirect vulnerability.

  • CVE-2017-7233 | Med | Apr 4, 2017
    risk 0.33 | cvss 6.1 | epss 0.02

    Django 1.10 before 1.10.7, 1.9 before 1.9.13, and 1.8 before 1.8.18 relies on user input in some cases to redirect the user to an "on success" URL. The security check for these redirects (namely ``django.utils.http.is_safe_url()``) considered some numeric URLs "safe" when they…

  • CVE-2017-7266 | Med | Mar 26, 2017
    risk 0.33 | cvss 6.1 | epss 0.01

    Netflix Security Monkey before 0.8.0 has an Open Redirect. The logout functionality accepted the "next" parameter which then redirects to any domain irrespective of the Host header.

  • CVE-2015-8760 | Med | Jan 8, 2016
    risk 0.33 | cvss 6.1 | epss 0.01

    The Flvplayer component in TYPO3 6.2.x before 6.2.16 allows remote attackers to embed Flash videos from external domains via unspecified vectors, aka "Cross-Site Flashing."

  • CVE-2026-28301 | Med | Jun 9, 2026
    risk 0.31 | cvss 4.8 | epss 0.00

    A vulnerability in which an attacker can provide a crafted external URL that may redirect a user to an unintended website.

  • CVE-2026-43924 | Med | Jun 3, 2026
    risk 0.31 | cvss (none listed) | epss 0.00

    FOSSBilling is a free, open-source billing and client management system. Prior to version 0.8.0, the Redirect module does not validate the URL scheme of administrator-configured destination URLs before storing or issuing redirects. This allows arbitrary external URLs to be…

  • CVE-2026-49059 | Med | May 27, 2026
    risk 0.31 | cvss 4.7 | epss 0.00

    URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Facebook Facebook for WooCommerce allows Phishing. This issue affects Facebook for WooCommerce: from n/a through 3.7.0.

  • CVE-2026-44833 | Med | May 26, 2026
    risk 0.31 | cvss 5.9 | epss 0.00

    Snipe-IT is an IT asset/license management system. Prior to 8.4.1, an open redirect vulnerability in Snipe-IT allows attackers to redirect users to malicious sites via an unvalidated HTTP Referer header stored in a session variable. This vulnerability is fixed in 8.4.1.

  • CVE-2026-2813 | Med | May 20, 2026
    risk 0.31 | cvss 4.7 | epss 0.00

    ArcGIS Server contains an input validation weakness in the login redirection workflow. An authenticated attacker could exploit this issue by sending a specially crafted request. Successful exploitation may result in the application redirecting the browser to an unintended,…

  • CVE-2026-35253 | Med | May 6, 2026
    risk 0.31 | cvss 4.7 | epss 0.00

    Vulnerability in the Oracle Macaron Tool product of Oracle Open Source Projects. The supported version that is affected is v0.22.0. Easily exploitable vulnerability allows an unauthenticated attacker with network access via HTTP to compromise Oracle Macaron Tool. Successful…

  • CVE-2026-41226 | Med | Apr 30, 2026
    risk 0.31 | cvss 4.7 | epss 0.00

    Open redirect vulnerability exists in Multiple laser printers and MFPs which implement Ricoh Web Image Monitor. When accessing a specially crafted URL, the user may be redirected to an arbitrary website. As a result, the user may become a victim of a phishing attack.

  • CVE-2026-20060 | Med | Apr 15, 2026
    risk 0.31 | cvss 4.7 | epss 0.00

    A vulnerability in the web-based management interface of Cisco Unity Connection could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability is due to improper input validation of HTTP request parameters. An attacker could…

  • CVE-2026-39484 | Med | Apr 8, 2026
    risk 0.31 | cvss 4.7 | epss 0.00

    URL Redirection to Untrusted Site ('Open Redirect') vulnerability in John Darrel Hide My WP Ghost (hide-my-wp) allows Phishing. This issue affects Hide My WP Ghost: from n/a through < 7.0.00.

  • CVE-2026-28106 | Med | Mar 6, 2026
    risk 0.31 | cvss 4.7 | epss 0.00

    URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Kings Plugins B2BKing Premium allows Phishing. This issue affects B2BKing Premium: from n/a before 5.4.20.

  • CVE-2026-25392 | Med | Feb 19, 2026
    risk 0.31 | cvss 4.7 | epss 0.00

    URL Redirection to Untrusted Site ('Open Redirect') vulnerability in KaizenCoders Update URLs – Quick and Easy way to search old links and replace them with new links in WordPress (update-urls) allows Phishing. This issue affects Update URLs – Quick and Easy way to search old…

  • CVE-2026-1277 | Med | Feb 18, 2026
    risk 0.31 | cvss 4.7 | epss 0.01

    The URL Shortify plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 1.12.1 due to insufficient validation on the 'redirect_to' parameter in the promotional dismissal handler. This makes it possible for unauthenticated attackers to redirect…