VYPR

CWE-601

URL Redirection to Untrusted Site ('Open Redirect')

Abstraction: Base
Status: Draft
Likelihood of Exploit: Low

Description

The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.

Hierarchy (View 1000)

Parents

Children

none

Related attack patterns (CAPEC)

CAPEC-178

CVEs mapped to this weakness (835), page 31 of 42
  • CVE-2024-37881 (Medium, Jun 19, 2024): risk 0.28, CVSS 5.3, EPSS 0.01

    SiteGuard WP Plugin provides a functionality to customize the path to the login page wp-login.php and implements a measure to avoid redirection from other URLs. However, SiteGuard WP Plugin versions prior to 1.7.7 did not implement a measure to avoid redirection from…

  • CVE-2023-47168 (Medium, Nov 27, 2023): risk 0.28, CVSS 4.3, EPSS 0.00

    Mattermost fails to properly check a redirect URL parameter, allowing an open redirect when the user clicked "Back to Mattermost" after providing an invalid custom URL scheme in /oauth/{service}/mobile_login?redirect_to=

  • CVE-2023-32068 (Medium, May 15, 2023): risk 0.28, CVSS 4.7, EPSS 0.55

    XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In versions prior to 14.10.4 it's possible to exploit well known parameters in XWiki URLs to perform redirection to untrusted site. This vulnerability was partially fixed in…

  • CVE-2023-22729 (Medium, Apr 26, 2023): risk 0.28, CVSS 5.4, EPSS 0.00

    Silverstripe Framework is the Model-View-Controller framework that powers the Silverstripe content management system. Prior to version 4.12.15, an attacker can display a link to a third party website on a login screen by convincing a legitimate content author to follow a…

  • CVE-2023-28628 (Medium, Mar 27, 2023): risk 0.28, CVSS 5.4, EPSS 0.01

    lambdaisland/uri is a pure Clojure/ClojureScript URI library. In versions prior to 1.14.120 `authority-regex` allows an attacker to send malicious URLs to be parsed by the `lambdaisland/uri` and return the wrong authority. This issue is similar to but distinct from…

  • CVE-2022-25295 (Medium, Sep 11, 2022): risk 0.28, CVSS 5.4, EPSS 0.01

    This affects the package github.com/gophish/gophish before 0.12.0. The Open Redirect vulnerability exists in the next query parameter. The application uses url.Parse(r.FormValue("next")) to extract the path and eventually redirect the user to a relative URL, but if the next parameter starts…

  • CVE-2022-1209 (Medium, May 10, 2022): risk 0.28, CVSS 4.3, EPSS 0.01

    The Ultimate Member plugin for WordPress is vulnerable to arbitrary redirects due to insufficient validation on supplied URLs in the social fields of the Profile Page, which makes it possible for attackers to redirect unsuspecting victims in versions up to, and including, 2.3.1.

  • CVE-2021-23495 (Medium, Feb 25, 2022): risk 0.28, CVSS 5.4, EPSS 0.01

    The package karma before 6.3.16 is vulnerable to Open Redirect due to missing validation of the return_url query parameter.

  • CVE-2021-3851 (Medium, Oct 19, 2021): risk 0.28, CVSS 5.4, EPSS 0.01

    firefly-iii is vulnerable to URL Redirection to Untrusted Site

  • CVE-2021-3664 (Medium, Jul 26, 2021): risk 0.28, CVSS 5.3, EPSS 0.02

    url-parse is vulnerable to URL Redirection to Untrusted Site

  • CVE-2021-23393 (Medium, Jun 11, 2021): risk 0.28, CVSS 5.4, EPSS 0.01

    This affects the package Flask-Unchained before 0.9.0. When using the _validate_redirect_url function, it is possible to bypass URL validation and redirect a user to an arbitrary URL by providing multiple back slashes such as \\\evil.com/path. This vulnerability is only…

  • CVE-2021-23387 (Medium, May 24, 2021): risk 0.28, CVSS 5.4, EPSS 0.01

    The package trailing-slash before 2.0.1 is vulnerable to Open Redirect via the use of trailing double slashes in the URL when accessing the vulnerable endpoint (such as https://example.com//attacker.example/). The vulnerable code is in index.js::createTrailing(), as the web…

  • CVE-2021-23384 (Medium, May 17, 2021): risk 0.28, CVSS 5.4, EPSS 0.01

    The package koa-remove-trailing-slashes before 2.0.2 is vulnerable to Open Redirect via the use of trailing double slashes in the URL when accessing the vulnerable endpoint (such as https://example.com//attacker.example/). The vulnerable code is in…

  • CVE-2018-5304 (Medium, May 11, 2018): risk 0.28, CVSS 4.3, EPSS 0.01

    An issue was discovered on the Impinj Speedway Connect R420 RFID Reader before 2.2.2. The affected web interface is vulnerable to ClickJacking or UI Redressing: it is possible to access the web application in an iframe, and clicking on the iframe will redirect to a third-party…

  • CVE-2017-14725 (Medium, Sep 23, 2017): risk 0.28, CVSS 5.4, EPSS 0.02

    Before version 4.8.2, WordPress was susceptible to an open redirect attack in wp-admin/edit-tag-form.php and wp-admin/user-edit.php.

  • CVE-2026-47347 (Medium, Jun 9, 2026): risk 0.27, EPSS 0.00

    Applications that use GeneralUtility::sanitizeLocalUrl to allow only local URLs are vulnerable to open redirect attacks if the URL is used after it has passed the aforementioned sanitization checks. This enables attackers to redirect users to external content and carry out…

  • CVE-2026-41844 (Medium, Jun 9, 2026): risk 0.27, CVSS 4.2, EPSS 0.00

    A Spring MVC or Spring WebFlux application which configures a mapping for "/**" where the view name is not explicitly specified allows an attacker to craft a link resulting in a 302 redirect to an arbitrary external host via the redirect: prefix. Affected versions: Spring…

  • CVE-2026-40332 (Medium, May 6, 2026): risk 0.27, EPSS 0.00

    Masa CMS is affected by an Open Redirect vulnerability due to improper handling of scheme-relative URLs. The application incorrectly interprets paths beginning with double slashes (//) as internal paths, failing to validate the redirect target before processing. The application…

  • CVE-2026-21726 (Medium, Apr 15, 2026): risk 0.27, CVSS 5.3, EPSS 0.00

    The CVE-2021-36156 fix validates the namespace parameter for path traversal sequences after a single URL decode; by double encoding, an attacker can read files at the Ruler API endpoint /loki/api/v1/rules/{namespace}. Thanks to Prasanth Sundararajan for reporting this…

  • CVE-2026-39940 (Medium, Apr 13, 2026): risk 0.27, EPSS 0.00

    ChurchCRM is an open-source church management system. Prior to 7.0.0, it was possible in many places across the ChurchCRM application to create a link that, when visited by an authenticated user, would redirect them to any URL chosen by an attacker if they clicked 'Cancel'…
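The weakness in the Description at the top of this page, and the bypass shapes that recur in the CVE entries above (scheme-relative `//host` and `///host` targets, backslash variants such as `\\\evil.com/path`, userinfo tricks like `https://example.com@evil.com/`, and trailing double slashes that a slash-stripping redirect turns into `Location: //host`), as one added worked example. This is not code from any of the listed projects. It is a Python validator for a `next`-style parameter plus a safe trailing-slash redirect, and it assumes a site whose only legitimate hosts are the constructed `ALLOWED_HOSTS` and that a rejected target falls back to `/`.

```python
"""Redirect-target validation for CWE-601.

Added example; not code from any project in the CVE list above.
ALLOWED_HOSTS and the sample inputs under __main__ are constructed for this example.
"""
from typing import Optional
from urllib.parse import urlsplit

ALLOWED_HOSTS = frozenset({"example.com", "www.example.com"})  # assumed legitimate hosts
DEFAULT_TARGET = "/"


def safe_redirect_target(raw: Optional[str],
                         allowed_hosts=ALLOWED_HOSTS,
                         default: str = DEFAULT_TARGET) -> str:
    """Return `raw` only if it can lead nowhere but an allowed host; else `default`.

    Accepted forms:
      1. a local path rooted by exactly one "/" ("//evil.com" and "///evil.com"
         are rejected: browsers resolve both to another host);
      2. an absolute http(s) URL whose hostname is in `allowed_hosts`
         ("https://example.com@evil.com/" has hostname evil.com and is rejected).
    Any other scheme (javascript:, data:, ...) or shape falls back to `default`.
    """
    if not isinstance(raw, str) or not raw:
        return default
    # Browsers treat "\" as "/" in http(s) URLs and strip tabs/newlines, so such
    # input can parse one way here and another way in the browser. Refuse it
    # instead of trying to normalise it.
    if "\\" in raw or any(ord(c) <= 0x20 or ord(c) == 0x7F for c in raw):
        return default
    try:
        parts = urlsplit(raw)
    except ValueError:  # e.g. unbalanced IPv6 brackets in the authority
        return default

    if not parts.scheme and not parts.netloc:
        # Relative target. Test the raw string, not parts.path: urlsplit gives
        # "///evil.com" an empty netloc and path "/evil.com", but a browser
        # resolves that string to https://evil.com/.
        return raw if raw.startswith("/") and not raw.startswith("//") else default
    if parts.scheme in ("http", "https") and parts.netloc:
        # .hostname drops userinfo and port and lowercases the host, so the
        # comparison is against the host the browser will actually contact.
        if (parts.hostname or "") in allowed_hosts:
            return raw
    return default


def trailing_slash_redirect(path: str) -> Optional[str]:
    """Location for a "remove the trailing slash" redirect, or None if none is due.

    A naive version answers a request for "//attacker.example/" with
    "Location: //attacker.example", which the browser resolves as a
    scheme-relative URL on another host (the trailing-slash and
    koa-remove-trailing-slashes entries above). Collapsing the leading
    slashes to one keeps the target on the current origin.
    """
    if len(path) < 2 or not path.endswith("/"):
        return None
    return "/" + path[:-1].lstrip("/\\")


if __name__ == "__main__":
    # Constructed attacker-supplied values for a "next" parameter.
    samples = [
        "/account",
        "//evil.com/",
        "///evil.com",
        "\\\\\\evil.com/path",          # the Flask-Unchained shape above
        "/\\evil.com",
        "https://example.com/x?y=1",
        "https://example.com@evil.com/",
        "https://example.com.evil.com/",
        "javascript:alert(1)",
        "https://evil.com",
    ]
    for s in samples:
        print(f"{s!r:34} -> {safe_redirect_target(s)!r}")
    for p in ["/users/", "//attacker.example/", "/"]:
        print(f"{p!r:34} -> Location: {trailing_slash_redirect(p)!r}")
```

Two points worth keeping when adapting this: validate the raw string rather than the parsed path, because `urlsplit("///evil.com")` reports an empty netloc and path `/evil.com` while a browser resolves the same string to `https://evil.com/`; and compare `hostname` (userinfo and port stripped) against an exact allowlist rather than testing the URL with `startswith`. Where the set of destinations is known in advance, mapping a short server-side token to the URL avoids accepting URLs from the client at all.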