CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
Description
The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.
Hierarchy (View 1000)
Parents
Children
none
Related attack patterns (CAPEC)
CAPEC-178
CVEs mapped to this weakness (835)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-56966 | | Med | 0.42 | 6.5 | 0.00 | | Jan 27, 2025 | An issue in Shanghai Xuan Ting Entertainment Information & Technology Co., Ltd Qidian Reader iOS 5.9.384 allows attackers to access sensitive user information via supplying a crafted link. |
| CVE-2024-56965 | | Med | 0.42 | 6.5 | 0.00 | | Jan 27, 2025 | An issue in Shanghai Shizhi Information Technology Co., Ltd Shihuo iOS 8.16.0 allows attackers to access sensitive user information via supplying a crafted link. |
| CVE-2024-56964 | | Med | 0.42 | 6.5 | 0.00 | | Jan 27, 2025 | An issue in Che Hao Duo Used Automobile Agency (Beijing) Co., Ltd Guazi Used Car iOS 10.15.1 allows attackers to access sensitive user information via supplying a crafted link. |
| CVE-2024-56963 | | Med | 0.42 | 6.5 | 0.00 | | Jan 27, 2025 | An issue in Beijing Sogou Technology Development Co., Ltd Sogou Input iOS 12.2.0 allows attackers to access sensitive user information via supplying a crafted link. |
| CVE-2024-56962 | | Med | 0.42 | 6.5 | 0.00 | | Jan 27, 2025 | An issue in Tencent Technology (Shanghai) Co., Ltd WeSing iOS v9.3.39 allows attackers to access sensitive user information via supplying a crafted link. |
| CVE-2024-56960 | | Med | 0.42 | 6.5 | 0.00 | | Jan 27, 2025 | An issue in Tianjin Xiaowu Information technology Co., Ltd BeiKe Holdings iOS 1.3.50 allows attackers to access sensitive user information via supplying a crafted link. |
| CVE-2024-56959 | | Med | 0.42 | 6.5 | 0.00 | | Jan 27, 2025 | An issue in Mashang Consumer Finance Co., Ltd Anyihua iOS 3.6.2 allows attackers to access sensitive user information via supplying a crafted link. |
| CVE-2024-56957 | | Med | 0.42 | 6.5 | 0.00 | | Jan 27, 2025 | An issue in Kingsoft Office Software Corporation Limited WPS Office iOS 12.20.0 allows attackers to access sensitive user information via supplying a crafted link. |
| CVE-2024-56955 | | Med | 0.42 | 6.5 | 0.00 | | Jan 27, 2025 | An issue in Tencent Technology (Shenzhen) Company Limited QQMail iOS 6.6.4 allows attackers to access sensitive user information via supplying a crafted link. |
| CVE-2024-56954 | | Med | 0.42 | 6.5 | 0.00 | | Jan 27, 2025 | An issue in Beijing Baidu Netcom Science & Technology Co Ltd Haokan Video iOS 7.70.0 allows attackers to access sensitive user information via supplying a crafted link. |
| CVE-2024-56953 | | Med | 0.42 | 6.5 | 0.00 | | Jan 27, 2025 | An issue in Baidu (China) Co Ltd Baidu Input Method (iOS version) v12.6.13 allows attackers to access user information via supplying a crafted link. |
| CVE-2024-56952 | | Med | 0.42 | 6.5 | 0.00 | | Jan 27, 2025 | An issue in Beijing Baidu Netcom Science & Technology Co Ltd Baidu Lite app (iOS version) 6.40.0 allows attackers to access user information via supplying a crafted link. |
| CVE-2024-56951 | | Med | 0.42 | 6.5 | 0.00 | | Jan 27, 2025 | An issue in Hangzhou Bobo Technology Co Ltd UU Game Booster iOS 10.6.13 allows attackers to access sensitive user information via supplying a crafted link. |
| CVE-2024-56950 | | Med | 0.42 | 6.5 | 0.00 | | Jan 27, 2025 | An issue in KuGou Technology Co., Ltd KuGou Concept iOS 4.0.61 allows attackers to access sensitive user information via supplying a crafted link. |
| CVE-2024-56949 | | Med | 0.42 | 6.5 | 0.00 | | Jan 27, 2025 | An issue in Guangzhou Polar Future Culture Technology Co., Ltd University Search iOS 2.27.0 allows attackers to access sensitive user information via supplying a crafted link. |
| CVE-2024-56948 | | Med | 0.42 | 6.5 | 0.00 | | Jan 27, 2025 | An issue in KuGou Technology CO. LTD KuGou Music iOS v20.0.0 allows attackers to access sensitive user information via supplying a crafted link. |
| CVE-2024-56947 | | Med | 0.42 | 6.5 | 0.00 | | Jan 27, 2025 | An issue in Xiamen Meitu Technology Co., Ltd. BeautyCam iOS v12.3.60 allows attackers to access sensitive user information via supplying a crafted link. |
| CVE-2024-1227 | — | Med | 0.42 | 6.5 | 0.00 | | Mar 12, 2024 | An open redirect vulnerability, the exploitation of which could allow an attacker to create a custom URL and redirect a legitimate page to a malicious site. |
| CVE-2017-15419 | | Med | 0.42 | 6.5 | 0.01 | | Aug 28, 2018 | Insufficient policy enforcement in Resource Timing API in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to infer browsing history by triggering a leaked cross-origin URL via a crafted HTML page. |
| CVE-2011-1594 | | Med | 0.42 | 6.5 | 0.01 | | Feb 5, 2014 | A flaw was found in Spacewalk, as used in Red Hat Network Satellite. This open redirect vulnerability allows remote attackers to redirect users to arbitrary web sites by manipulating a URL in the url_bounce parameter. This can enable attackers to conduct phishing attacks,… |