VYPR

CWE-601

URL Redirection to Untrusted Site ('Open Redirect')

Abstraction: Base | Status: Draft | Likelihood of exploit: Low

Description

The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.
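As an added illustration of that description (example code written for this page, not code from any project or CVE listed below): the check behind many of these CVEs is some variant of "the target starts with a slash, so it stays on our site", which a scheme-relative `//host`, a backslash or a `https:host` form walks straight past. The hardened version accepts only an absolute path on the current origin or an https URL whose host exactly matches an allowlist. The `next` parameter, the `app.example.com` origin, the probe URLs and the function names are assumptions for illustration; the probes are constructed inputs.

```python
"""
CWE-601 in practice: a bypassable "is this redirect target safe?" check beside
a hardened one. Added example, not code from any project on this page; the
`next` parameter, `app.example.com` allowlist and function names are assumed.
"""
from urllib.parse import urlsplit, urljoin

APP_ORIGIN = "https://app.example.com"          # assumed origin of the application
ALLOWED_HOSTS = frozenset({"app.example.com"})  # assumed exact-match allowlist


def naive_is_safe(next_url: str) -> bool:
    """The common mistake: 'starts with a slash, so it stays on our site'."""
    return next_url.startswith("/")


def where_browser_lands(next_url: str, base: str = APP_ORIGIN + "/login") -> str:
    """Resolve the redirect the way a client would, to show what the naive check lets through."""
    return urljoin(base, next_url)


def hardened_is_safe(next_url: str, allowed_hosts=ALLOWED_HOSTS) -> bool:
    """Accept only a same-origin absolute path or an https URL whose host is exactly allowlisted."""
    if not next_url:
        return False
    # Backslashes, whitespace and control characters are parser-confusion
    # material: browsers treat '\' as '/' in http(s) URLs, and characters a
    # parser silently strips can hide a 'javascript:' scheme from a prefix check.
    if any(ch == "\\" or ch.isspace() or ord(ch) < 0x20 for ch in next_url):
        return False
    parts = urlsplit(next_url)
    if parts.scheme or parts.netloc:
        # Anything with a scheme or authority is absolute: require https and an
        # exact host match. urlsplit lowercases scheme and hostname, and a
        # 'user@host' trick ends up with the real host in .hostname.
        if parts.scheme != "https":
            return False
        return (parts.hostname or "") in allowed_hosts
    # No scheme, no authority: must be a plain absolute path. '//host' already
    # set netloc above; '///host' leaves netloc empty in urlsplit but is still
    # scheme-relative to a browser, so reject any leading double slash.
    return next_url.startswith("/") and not next_url.startswith("//")


def safe_redirect_target(next_url: str, fallback: str = "/") -> str:
    """What a login/logout handler should redirect to: the validated target or a fixed fallback."""
    return next_url if hardened_is_safe(next_url) else fallback


if __name__ == "__main__":
    # Constructed probes of the kinds named in the CVE descriptions on this page.
    probes = [
        "/account/settings?tab=1",                 # legitimate local path
        "//evil.example/",                         # scheme-relative: passes the naive check
        "/\\evil.example",                         # backslash: browsers read it as //
        "///evil.example",                         # extra slashes collapsed by browsers
        "https:evil.example",                      # scheme with no slashes
        "javascript:alert(1)",                     # not a navigation target at all
        "https://app.example.com@evil.example/",   # userinfo trick
        "https://app.example.com.evil.example/",   # suffix trick
        "https://app.example.com/dash",            # legitimate allowlisted host
    ]
    for p in probes:
        print(f"{p!r:45} naive={naive_is_safe(p)!s:5} hardened={hardened_is_safe(p)!s:5} "
              f"-> {safe_redirect_target(p)}")
```

The fallback matters as much as the check: when validation fails, redirect to a fixed local page rather than echoing the rejected value, and for OAuth-style `redirect_uri` or `post_logout_redirect_uri` parameters prefer exact string comparison against the URIs registered for that client over any pattern or prefix rule.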

Hierarchy (View 1000)

Parents

Children

none

Related attack patterns (CAPEC)

CAPEC-178

CVEs mapped to this weakness (835)

page 30 of 42
  • CVE-2026-40096 (Medium, Apr 15, 2026)
    risk 0.28 | CVSS 5.4 | EPSS 0.00

    immich is a high performance self-hosted photo and video management solution. Versions prior to 2.7.3 contain an open redirect vulnerability in the shared album functionality, where the album name is inserted unsanitized into a tag in api.service.ts. A registered attacker…

  • CVE-2026-5467 (Medium, Apr 3, 2026)
    risk 0.28 | CVSS 4.3 | EPSS 0.00

    A vulnerability was identified in Casdoor 2.356.0. Affected by this issue is some unknown functionality of the component OAuth Authorization Request Handler. Such manipulation of the argument redirect_uri leads to open redirect. It is possible to launch the attack remotely. The…

  • CVE-2026-34442 (Medium, Mar 31, 2026)
    risk 0.28 | CVSS 5.4 | EPSS 0.00

    FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.211, host header manipulation in FreeScout version (http://localhost:8080/system/status) allows an attacker to inject an arbitrary domain into generated absolute URLs. This…

  • CVE-2026-4799 (Medium, Mar 31, 2026)
    risk 0.28 | CVSS 4.3 | EPSS 0.00

    In Search Guard FLX up to version 4.0.1, it is possible to use specially crafted requests to redirect the user to an untrusted URL.

  • CVE-2026-1369 (Medium, Feb 22, 2026)
    risk 0.28 | CVSS 4.3 | EPSS 0.00

    The Conditional CAPTCHA WordPress plugin through 4.0.0 does not validate a parameter before redirecting the user to its value, leading to an Open Redirect issue.

  • CVE-2025-65717 (Medium, Feb 16, 2026)
    risk 0.28 | CVSS 4.3 | EPSS 0.01

    An issue in Visual Studio Code Extensions Live Server v5.7.9 allows attackers to exfiltrate files via user interaction with a crafted HTML page.

  • CVE-2025-2418 (Medium, Feb 16, 2026)
    risk 0.28 | CVSS 4.3 | EPSS 0.00

    URL Redirection to Untrusted Site ('Open Redirect') vulnerability in TR7 Cyber Defense Inc. Web Application Firewall allows Phishing. This issue affects Web Application Firewall: from 4.30 before v1.4.0.117.

  • CVE-2026-2153 (Medium, Feb 8, 2026)
    risk 0.28 | CVSS 4.3 | EPSS 0.00

    A vulnerability was determined in mwielgoszewski doorman up to 0.6. This issue affects the function is_safe_url of the file doorman/users/views.py. Executing a manipulation of the argument Next can lead to open redirect. The attack may be launched remotely. The exploit has been…

  • CVE-2025-54196 (Medium, Oct 14, 2025)
    risk 0.28 | CVSS 4.3 | EPSS 0.00

    Adobe Connect versions 12.9 and earlier are affected by a URL Redirection to Untrusted Site ('Open Redirect') vulnerability. An attacker could leverage this vulnerability to redirect users to malicious websites. Exploitation of this issue requires user interaction in that a…

  • CVE-2025-10229 (Medium, Sep 10, 2025)
    risk 0.28 | CVSS 4.3 | EPSS 0.00

    A vulnerability has been found in Freshwork up to 1.2.3. This impacts an unknown function of the file /api/v2/logout. Such manipulation of the argument post_logout_redirect_uri leads to open redirect. The attack can be executed remotely. The exploit has been disclosed to the…

  • CVE-2025-55706 (Medium, Aug 20, 2025)
    risk 0.28 | CVSS 4.3 | EPSS 0.00

    URL redirection to untrusted site ('Open Redirect') issue exists in Movable Type. If this vulnerability is exploited, an invalid parameter may be inserted into the password reset page, which may lead to redirection to an arbitrary URL.

  • CVE-2025-7785 (Medium, Jul 18, 2025)
    risk 0.28 | CVSS 4.3 | EPSS 0.00

    A vulnerability classified as problematic was found in thinkgem JeeSite up to 5.12.0. This vulnerability affects the function sso of the file src/main/java/com/jeesite/modules/sys/web/SsoController.java. The manipulation of the argument redirect leads to open redirect. The…

  • CVE-2025-7763 (Medium, Jul 17, 2025)
    risk 0.28 | CVSS 4.3 | EPSS 0.00

    A vulnerability, which was classified as problematic, was found in thinkgem JeeSite up to 5.12.0. Affected is the function select of the file src/main/java/com/jeesite/modules/cms/web/SiteController.java of the component Site Controller. The manipulation of the argument redirect…

  • CVE-2025-6428 (Medium, Jun 24, 2025)
    risk 0.28 | CVSS 4.3 | EPSS 0.00

    When a URL was provided in a link querystring parameter, Firefox for Android would follow that URL instead of the correct URL, potentially leading to phishing attacks. *This bug only affects Firefox for Android. Other versions of Firefox are unaffected.* This vulnerability was…

  • CVE-2025-6552 (Medium, Jun 24, 2025)
    risk 0.28 | CVSS 4.3 | EPSS 0.00

    A vulnerability was found in java-aodeng Hope-Boot 1.0.0. It has been classified as problematic. Affected is the function doLogin of the file /src/main/java/com/hope/controller/WebController.java of the component Login. The manipulation of the argument redirect_url leads to open…

  • CVE-2025-6089 (Medium, Jun 15, 2025)
    risk 0.28 | CVSS 4.3 | EPSS 0.00

    A vulnerability has been found in Astun Technology iShare Maps 5.4.0 and classified as problematic. This vulnerability affects unknown code of the file atCheckJS.aspx. The manipulation of the argument ref leads to open redirect. The attack can be initiated remotely. The exploit…

  • CVE-2025-4838 (Medium, May 17, 2025)
    risk 0.28 | CVSS 4.3 | EPSS 0.00

    A vulnerability, which was classified as problematic, was found in kanwangzjm Funiture up to 71ca0fb0658b3d839d9e049ac36429207f05329b. Affected is the function doPost of the file /funiture-master/src/main/java/com/app/mvc/acl/servlet/LoginServlet.java of the component Login. The…

  • CVE-2025-4513 (Medium, May 10, 2025)
    risk 0.28 | CVSS 4.3 | EPSS 0.00

    A vulnerability classified as problematic was found in Catalyst User Key Authentication Plugin 20220819 on Moodle. Affected by this vulnerability is an unknown functionality of the file /auth/userkey/logout.php of the component Logout. The manipulation of the argument return…

  • CVE-2025-27424 (Medium, Mar 4, 2025)
    risk 0.28 | CVSS 4.3 | EPSS 0.00

    Websites redirecting to a non-HTTP scheme URL could allow a website address to be spoofed for a malicious page. This vulnerability was fixed in Firefox for iOS 136.

  • CVE-2024-12990 (Medium, Dec 27, 2024)
    risk 0.28 | CVSS 4.3 | EPSS 0.00

    A vulnerability was found in ruifang-tech Rebuild 3.8.6. It has been classified as problematic. This affects an unknown part of the file /user/admin-verify of the component Admin Verification Page. The manipulation of the argument nexturl with the input…