CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
Description
The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.
Hierarchy (View 1000)
Parents
Children
none
Related attack patterns (CAPEC)
CAPEC-178
CVEs mapped to this weakness (835)
Page 7 of 42

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-3872 | — | High | 0.40 | 7.3 | 0.00 | — | Apr 2, 2026 | A flaw was found in Keycloak. This issue allows an attacker, who controls another path on the same web server, to bypass the allowed path in redirect Uniform Resource Identifiers (URIs) that use a wildcard. A successful attack may lead to the theft of an access token, resulting… |
| CVE-2026-20994 | — | Med | 0.40 | 6.1 | 0.00 | — | Mar 16, 2026 | URL redirection in Samsung Account prior to version 15.5.01.1 allows local attackers to potentially get access token. |
| CVE-2025-70032 | — | Med | 0.40 | 6.1 | 0.00 | — | Mar 9, 2026 | An issue pertaining to CWE-601: URL Redirection to Untrusted Site was discovered in Sunbird-Ed SunbirdEd-portal v1.13.4. |
| CVE-2026-25477 | — | Med | 0.40 | 6.1 | 0.00 | — | Mar 2, 2026 | AFFiNE is an open-source, all-in-one workspace and an operating system. Prior to version 0.26.0, there is an Open Redirect vulnerability located at the /redirect-proxy endpoint. The flaw exists in the domain validation logic, where an improperly anchored Regular Expression… |
| CVE-2026-1296 | — | Med | 0.40 | 6.1 | 0.00 | — | Feb 18, 2026 | The Frontend Post Submission Manager Lite plugin for WordPress is vulnerable to Open Redirection in all versions up to, and including, 1.2.7 due to insufficient validation on the 'requested_page' POST parameter in the verify_username_password function. This makes it possible for… |
| CVE-2025-55060 | — | Med | 0.40 | 6.1 | 0.00 | — | Dec 29, 2025 | CWE-601 URL Redirection to Untrusted Site ('Open Redirect') |
| CVE-2025-13819 | — | Med | 0.40 | 6.1 | 0.00 | — | Dec 1, 2025 | Open redirect in the web server component of MiR Robot and Fleet software allows a remote attacker to redirect users to arbitrary external websites via a crafted parameter, facilitating phishing or social engineering attacks. |
| CVE-2025-42924 | — | Med | 0.40 | 6.1 | 0.00 | — | Nov 11, 2025 | SAP S/4HANA landscape SAP E-Recruiting BSP allows an unauthenticated attacker to craft malicious links, when clicked the victim could be redirected to the page controlled by the attacker. This has low impact on confidentiality and integrity of the application with no impact on… |
| CVE-2025-12789 | — | Med | 0.40 | 6.1 | 0.00 | — | Nov 7, 2025 | A flaw was found in Red Hat Single Sign-On. This issue is an Open Redirect vulnerability that occurs during the logout process. The redirect_uri parameter associated with the openid-connect logout protocol does not properly validate the provided URL. |
| CVE-2025-50736 | — | Med | 0.40 | 6.1 | 0.00 | — | Oct 30, 2025 | An open redirect vulnerability exists in Byaidu PDFMathTranslate v1.9.9 that allows attackers to craft URLs that cause the application to redirect users to arbitrary external websites via the file parameter to the /gradio_api endpoint. This vulnerability could be exploited for… |
| CVE-2025-55032 | — | Med | 0.40 | 6.1 | 0.00 | — | Aug 19, 2025 | Focus for iOS would not respect a Content-Disposition header of type Attachment and would incorrectly display the content inline, potentially allowing for XSS attacks. This vulnerability was fixed in Focus for iOS 142. |
| CVE-2025-42985 | — | Med | 0.40 | 6.1 | 0.00 | — | Jul 8, 2025 | Due to insufficient sanitization in the SAP BusinessObjects Content Administrator Workbench, attackers could craft malicious URLs and execute scripts in a victim's browser. This could potentially lead to the exposure or modification of web client data, resulting in low impact… |
| CVE-2025-42981 | — | Med | 0.40 | 6.1 | 0.00 | — | Jul 8, 2025 | Due to an open redirect vulnerability in SAP NetWeaver Application Server ABAP, an unauthenticated attacker could craft a URL link embedding a malicious script at a location not properly sanitized. When a victim clicks on this link, the script executes within the victim's… |
| CVE-2025-23183 | — | Med | 0.40 | 6.1 | 0.00 | — | May 22, 2025 | CWE-601: URL Redirection to Untrusted Site ('Open Redirect') |
| CVE-2024-12561 | — | Med | 0.40 | 6.1 | 0.00 | — | May 21, 2025 | The Affiliate Sales in Google Analytics and other tools plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 2.0.0. This is due to insufficient validation on the redirect url supplied via the 'afflink' parameter. This makes it possible for… |
| CVE-2025-3859 | — | Med | 0.40 | 6.1 | 0.00 | — | Apr 30, 2025 | Websites directing users to long URLs that caused eliding to occur in the location view could leverage the truncating behavior to potentially trick users into thinking they were on a different webpage. This vulnerability was fixed in Focus 138. |
| CVE-2025-3433 | — | Med | 0.40 | 6.1 | 0.00 | — | Apr 8, 2025 | The Advanced Advertising System plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 1.3.1. This is due to insufficient validation on the redirect url supplied via the 'redir' parameter. This makes it possible for unauthenticated attackers to… |
| CVE-2025-23086 | — | Med | 0.40 | 6.1 | 0.00 | — | Jan 21, 2025 | On most desktop platforms, Brave Browser versions 1.70.x-1.73.x included a feature to show a site's origin on the OS-provided file selector dialog when a site prompts the user to upload or download a file. However the origin was not correctly inferred in some cases. When… |
| CVE-2024-46326 | — | Med | 0.40 | 6.1 | 0.00 | — | Oct 21, 2024 | Public Knowledge Project pkp-lib 3.4.0-7 and earlier is vulnerable to Open redirect due to a lack of input sanitization in the logout function. |
| CVE-2024-45247 | — | Med | 0.40 | 6.1 | 0.00 | — | Oct 6, 2024 | Sonarr – CWE-601: URL Redirection to Untrusted Site ('Open Redirect') |