CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
Description
The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.
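The description above is the whole weakness in one sentence; the CVEs listed further down show how the usual "only allow local paths" check gets bypassed (scheme-relative `//host`, backslash variants such as `\\\evil.com/path`, absolute URLs, URL-parser disagreements). The block below is an added example, not code from any project on this page: it puts the naive check beside a hardened one and runs both over constructed payloads in those shapes. `ALLOWED_HOSTS`, the function names and the payload list are assumptions made for the example.

```python
"""Validating a user-supplied redirect target (CWE-601).

Added example, not code from any project listed on this page. The host
allow-list, the function names and the sample payloads are assumptions
constructed for the example; the payloads follow the bypass shapes the CVEs
on this page describe (scheme-relative //host, backslash variants, absolute
URLs) rather than any single advisory.
"""
from urllib.parse import urlsplit, urlunsplit

# Hypothetical: hosts an absolute redirect target may point at (exact match).
ALLOWED_HOSTS = frozenset({"app.example"})


def naive_is_local(target: str) -> bool:
    """The check behind several CVEs on this page: 'starts with / so it is relative'.

    It accepts the scheme-relative form //attacker.example/ and the backslash
    form /\\evil.com, both of which browsers navigate off-site.
    """
    return target.startswith("/")


def safe_redirect_target(target: str, default: str = "/") -> str:
    """Return `target` if it stays on this origin or an allow-listed https host,
    otherwise `default`.

    The decisive step is to look at the URL the way a browser will: in http(s)
    URLs browsers treat '\\' as '/' and collapse any run of leading slashes
    before the host, and they strip ASCII control characters and whitespace
    before parsing. Reject the control characters and map '\\' to '/' before
    parsing so the parser and the browser agree on what the host is.
    """
    if not target or any(ord(c) <= 0x20 or ord(c) == 0x7F for c in target):
        return default
    normalized = target.replace("\\", "/")
    try:
        parts = urlsplit(normalized)
        port = parts.port  # raises ValueError for a non-numeric port
    except ValueError:
        return default

    if parts.scheme:
        # Absolute URL: only https to an exact allow-listed host. `hostname`
        # strips userinfo, so https://app.example@evil.com/ resolves to evil.com.
        if parts.scheme != "https" or parts.hostname not in ALLOWED_HOSTS:
            return default
        if port not in (None, 443):
            return default
        return urlunsplit(parts)

    # No scheme: refuse anything with an authority (//evil.com) and anything
    # that is not a single-slash absolute path. ///evil.com collapses to
    # //evil.com in the browser, and a bare 'evil.com' is ambiguous, so both
    # are refused as well.
    if parts.netloc or not normalized.startswith("/") or normalized.startswith("//"):
        return default
    # Rebuild from the inspected components only.
    return urlunsplit(("", "", parts.path, parts.query, parts.fragment))


# Constructed payloads in the shapes the CVEs on this page describe.
PAYLOADS = [
    "/account?tab=1#s",                 # legitimate relative path
    "https://app.example/account",      # legitimate allow-listed absolute URL
    "//attacker.example/",              # scheme-relative (the trailing-slash CVEs)
    "/\\evil.com/path",                 # backslash variant
    "\\\\\\evil.com/path",              # multiple backslashes (Flask-Unchained shape)
    "https://evil.example/",            # plain absolute URL
    "https://app.example@evil.com/",    # userinfo trick against a substring check
    "javascript:alert(1)",              # non-http scheme
    "/foo\r\nX: y",                     # control characters
]


def compare_checks() -> dict:
    """Map each payload to (naive verdict, hardened result)."""
    return {p: (naive_is_local(p), safe_redirect_target(p)) for p in PAYLOADS}


if __name__ == "__main__":
    for payload, (naive, hardened) in compare_checks().items():
        print(f"{payload!r:36} naive_is_local={naive!s:5} -> {hardened}")
```

Two design points worth keeping when adapting this: the backslash mapping has to happen before parsing, because Python's `urlsplit` leaves `/\evil.com` as a path while every mainstream browser sends the user to `evil.com`; and the returned value is rebuilt from the parsed components rather than echoing the input, so only what was actually inspected reaches the `Location` header.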
Hierarchy (View 1000)
Parents
Children
none
Related attack patterns (CAPEC)
CAPEC-178
CVEs mapped to this weakness (835)
page 31 of 42

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-37881 | | Med | 0.28 | 5.3 | 0.01 | | Jun 19, 2024 | SiteGuard WP Plugin provides a functionality to customize the path to the login page wp-login.php and implements a measure to avoid redirection from other URLs. However, SiteGuard WP Plugin versions prior to 1.7.7 did not implement a measure to avoid redirection from… |
| CVE-2023-47168 | | Med | 0.28 | 4.3 | 0.00 | | Nov 27, 2023 | Mattermost fails to properly check a redirect URL parameter, allowing an open redirect when the user clicked "Back to Mattermost" after providing an invalid custom URL scheme in /oauth/{service}/mobile_login?redirect_to= |
| CVE-2023-32068 | | Med | 0.28 | 4.7 | 0.55 | | May 15, 2023 | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In versions prior to 14.10.4 it's possible to exploit well known parameters in XWiki URLs to perform redirection to untrusted site. This vulnerability was partially fixed in… |
| CVE-2023-22729 | | Med | 0.28 | 5.4 | 0.00 | | Apr 26, 2023 | Silverstripe Framework is the Model-View-Controller framework that powers the Silverstripe content management system. Prior to version 4.12.15, an attacker can display a link to a third party website on a login screen by convincing a legitimate content author to follow a… |
| CVE-2023-28628 | — | Med | 0.28 | 5.4 | 0.01 | | Mar 27, 2023 | lambdaisland/uri is a pure Clojure/ClojureScript URI library. In versions prior to 1.14.120 `authority-regex` allows an attacker to send malicious URLs to be parsed by the `lambdaisland/uri` and return the wrong authority. This issue is similar to but distinct from… |
| CVE-2022-25295 | | Med | 0.28 | 5.4 | 0.01 | | Sep 11, 2022 | This affects the package github.com/gophish/gophish before 0.12.0. The Open Redirect vulnerability exists in the next query parameter. The application uses url.Parse(r.FormValue("next")) to extract path and eventually redirect user to a relative URL, but if next parameter starts… |
| CVE-2022-1209 | | Med | 0.28 | 4.3 | 0.01 | | May 10, 2022 | The Ultimate Member plugin for WordPress is vulnerable to arbitrary redirects due to insufficient validation on supplied URLs in the social fields of the Profile Page, which makes it possible for attackers to redirect unsuspecting victims in versions up to, and including, 2.3.1. |
| CVE-2021-23495 | | Med | 0.28 | 5.4 | 0.01 | | Feb 25, 2022 | The package karma before 6.3.16 is vulnerable to Open Redirect due to missing validation of the return_url query parameter. |
| CVE-2021-3851 | | Med | 0.28 | 5.4 | 0.01 | | Oct 19, 2021 | firefly-iii is vulnerable to URL Redirection to Untrusted Site |
| CVE-2021-3664 | — | Med | 0.28 | 5.3 | 0.02 | | Jul 26, 2021 | url-parse is vulnerable to URL Redirection to Untrusted Site |
| CVE-2021-23393 | — | Med | 0.28 | 5.4 | 0.01 | | Jun 11, 2021 | This affects the package Flask-Unchained before 0.9.0. When using the _validate_redirect_url function, it is possible to bypass URL validation and redirect a user to an arbitrary URL by providing multiple back slashes such as \\\evil.com/path. This vulnerability is only… |
| CVE-2021-23387 | — | Med | 0.28 | 5.4 | 0.01 | | May 24, 2021 | The package trailing-slash before 2.0.1 is vulnerable to Open Redirect via the use of trailing double slashes in the URL when accessing the vulnerable endpoint (such as https://example.com//attacker.example/). The vulnerable code is in index.js::createTrailing(), as the web… |
| CVE-2021-23384 | | Med | 0.28 | 5.4 | 0.01 | | May 17, 2021 | The package koa-remove-trailing-slashes before 2.0.2 is vulnerable to Open Redirect via the use of trailing double slashes in the URL when accessing the vulnerable endpoint (such as https://example.com//attacker.example/). The vulnerable code is in… |
| CVE-2018-5304 | | Med | 0.28 | 4.3 | 0.01 | | May 11, 2018 | An issue was discovered on the Impinj Speedway Connect R420 RFID Reader before 2.2.2. The affected web interface is vulnerable to ClickJacking or UI Redressing: it is possible to access the web application in an iframe, and clicking on the iframe will redirect to a third-party… |
| CVE-2017-14725 | | Med | 0.28 | 5.4 | 0.02 | | Sep 23, 2017 | Before version 4.8.2, WordPress was susceptible to an open redirect attack in wp-admin/edit-tag-form.php and wp-admin/user-edit.php. |
| CVE-2026-47347 | | Med | 0.27 | — | 0.00 | | Jun 9, 2026 | Applications that use GeneralUtility::sanitizeLocalUrl to allow only local URLs are vulnerable to open redirect attacks if the URL is used after it has passed the aforementioned sanitization checks. This enables attackers to redirect users to external content and carry out… |
| CVE-2026-41844 | | Med | 0.27 | 4.2 | 0.00 | | Jun 9, 2026 | A Spring MVC or Spring WebFlux application which configures a mapping for "/**" where the view name is not explicitly specified allows an attacker to craft a link resulting in a 302 redirect to an arbitrary external host via the redirect: prefix. Affected versions: Spring… |
| CVE-2026-40332 | | Med | 0.27 | — | 0.00 | | May 6, 2026 | Masa CMS is affected by an Open Redirect vulnerability due to improper handling of scheme-relative URLs. The application incorrectly interprets paths beginning with double slashes (//) as internal paths, failing to validate the redirect target before processing. The application… |
| CVE-2026-21726 | | Med | 0.27 | 5.3 | 0.00 | | Apr 15, 2026 | The CVE-2021-36156 fix validates the namespace parameter for path traversal sequences after a single URL decode; by double encoding, an attacker can read files at the Ruler API endpoint /loki/api/v1/rules/{namespace}. Thanks to Prasanth Sundararajan for reporting this… |
| CVE-2026-39940 | | Med | 0.27 | — | 0.00 | | Apr 13, 2026 | ChurchCRM is an open-source church management system. Prior to 7.0.0, it was possible in many places across the ChurchCRM application to create a link that, when visited by an authenticated user, would redirect them to any URL chosen by an attacker if they clicked 'Cancel'… |