CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
Base · Draft · Likelihood: Low
Description
The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.
Hierarchy (View 1000)
Parents
Children
none
Related attack patterns (CAPEC)
CAPEC-178
CVEs mapped to this weakness (427)
Page 4 of 22

| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-23817 | Med | 0.42 | 6.5 | 0.00 | Mar 11, 2026 | A vulnerability in the web-based management interface of AOS-CX Switches could allow an unauthenticated remote attacker to redirect users to an arbitrary URL. |
| CVE-2025-7777 | Med | 0.42 | 6.5 | 0.00 | Aug 20, 2025 | The mirror-registry doesn't properly sanitize the host header HTTP header in HTTP request received, allowing an attacker to perform malicious redirects to attacker-controlled domains or phishing campaigns. |
| CVE-2024-54728 | Med | 0.42 | 6.5 | 0.00 | Jan 27, 2025 | Incorrect access control in BYD QIN PLUS DM-i Dilink OS 3.0_13.1.7.2204050.1 allows unauthorized attackers to access system logcat logs. |
| CVE-2024-56972 | Med | 0.42 | 6.5 | 0.00 | Jan 27, 2025 | An issue in Midea Group Co., Ltd Midea Home iOS 9.3.12 allows attackers to access sensitive user information via supplying a crafted link. |
| CVE-2024-56971 | Med | 0.42 | 6.5 | 0.00 | Jan 27, 2025 | An issue in Zhiyuan Yuedu (Guangzhou) Literature Information Technology Co., Ltd Shuqi Novel iOS 5.3.8 allows attackers to access sensitive user information via supplying a crafted link. |
| CVE-2024-56969 | Med | 0.42 | 6.5 | 0.00 | Jan 27, 2025 | An issue in Pixocial Technology (Singapore) Pte. Ltd BeautyPlus iOS 7.8.010 allows attackers to access sensitive user information via supplying a crafted link. |
| CVE-2024-56968 | Med | 0.42 | 6.5 | 0.00 | Jan 27, 2025 | An issue in Shenzhen Intellirocks Tech Co. Ltd Govee Home iOS 6.5.01 allows attackers to access sensitive user information via supplying a crafted payload. |
| CVE-2024-56967 | Med | 0.42 | 6.5 | 0.00 | Jan 27, 2025 | An issue in Cloud Whale Interactive Technology LLC. PolyBuzz iOS 2.0.20 allows attackers to access sensitive user information via supplying a crafted link. |
| CVE-2024-56966 | Med | 0.42 | 6.5 | 0.00 | Jan 27, 2025 | An issue in Shanghai Xuan Ting Entertainment Information & Technology Co., Ltd Qidian Reader iOS 5.9.384 allows attackers to access sensitive user information via supplying a crafted link. |
| CVE-2024-56965 | Med | 0.42 | 6.5 | 0.00 | Jan 27, 2025 | An issue in Shanghai Shizhi Information Technology Co., Ltd Shihuo iOS 8.16.0 allows attackers to access sensitive user information via supplying a crafted link. |
| CVE-2024-56964 | Med | 0.42 | 6.5 | 0.00 | Jan 27, 2025 | An issue in Che Hao Duo Used Automobile Agency (Beijing) Co., Ltd Guazi Used Car iOS 10.15.1 allows attackers to access sensitive user information via supplying a crafted link. |
| CVE-2024-56963 | Med | 0.42 | 6.5 | 0.00 | Jan 27, 2025 | An issue in Beijing Sogou Technology Development Co., Ltd Sogou Input iOS 12.2.0 allows attackers to access sensitive user information via supplying a crafted link. |
| CVE-2024-56962 | Med | 0.42 | 6.5 | 0.00 | Jan 27, 2025 | An issue in Tencent Technology (Shanghai) Co., Ltd WeSing iOS v9.3.39 allows attackers to access sensitive user information via supplying a crafted link. |
| CVE-2024-56960 | Med | 0.42 | 6.5 | 0.00 | Jan 27, 2025 | An issue in Tianjin Xiaowu Information technology Co., Ltd BeiKe Holdings iOS 1.3.50 allows attackers to access sensitive user information via supplying a crafted link. |
| CVE-2024-56959 | Med | 0.42 | 6.5 | 0.00 | Jan 27, 2025 | An issue in Mashang Consumer Finance Co., Ltd Anyihua iOS 3.6.2 allows attackers to access sensitive user information via supplying a crafted link. |
| CVE-2024-56957 | Med | 0.42 | 6.5 | 0.00 | Jan 27, 2025 | An issue in Kingsoft Office Software Corporation Limited WPS Office iOS 12.20.0 allows attackers to access sensitive user information via supplying a crafted link. |
| CVE-2024-56955 | Med | 0.42 | 6.5 | 0.00 | Jan 27, 2025 | An issue in Tencent Technology (Shenzhen) Company Limited QQMail iOS 6.6.4 allows attackers to access sensitive user information via supplying a crafted link. |
| CVE-2024-56954 | Med | 0.42 | 6.5 | 0.00 | Jan 27, 2025 | An issue in Beijing Baidu Netcom Science & Technology Co Ltd Haokan Video iOS 7.70.0 allows attackers to access sensitive user information via supplying a crafted link. |
| CVE-2024-56953 | Med | 0.42 | 6.5 | 0.00 | Jan 27, 2025 | An issue in Baidu (China) Co Ltd Baidu Input Method (iOS version) v12.6.13 allows attackers to access user information via supplying a crafted link. |
| CVE-2024-56952 | Med | 0.42 | 6.5 | 0.00 | Jan 27, 2025 | An issue in Beijing Baidu Netcom Science & Technology Co Ltd Baidu Lite app (iOS version) 6.40.0 allows attackers to access user information via supplying a crafted link. |