VYPR

CWE-601

URL Redirection to Untrusted Site ('Open Redirect')

Abstraction: Base | Status: Draft | Likelihood: Low

Description

The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.

Hierarchy (View 1000)

Parents

Children

none

Related attack patterns (CAPEC)

CAPEC-178

CVEs mapped to this weakness (835)

page 8 of 42
  • CVE-2024-4604 | Med | Jun 26, 2024
    risk 0.40 | cvss 6.1 | epss 0.00

    URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Magarsus Consultancy SSO (Single Sign On) allows Manipulating Hidden Fields. This issue affects SSO (Single Sign On): from 1.0 before 1.1.

  • CVE-2024-4133 | Med | May 2, 2024
    risk 0.40 | cvss 6.1 | epss 0.01

    The ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 4.0.30. This is due to insufficient validation on the redirect url supplied via the…

  • CVE-2019-10955 | Med | Apr 25, 2019
    risk 0.40 | cvss 6.1 | epss 0.03

    In Rockwell Automation MicroLogix 1400 Controllers Series A, All Versions Series B, v15.002 and earlier, MicroLogix 1100 Controllers v14.00 and earlier, CompactLogix 5370 L1 controllers v30.014 and earlier, CompactLogix 5370 L2 controllers v30.014 and earlier, CompactLogix 5370…

  • CVE-2018-17870 | Med | Oct 1, 2018
    risk 0.40 | cvss 6.1 | epss 0.01

    An issue was discovered in BTITeam XBTIT 2.5.4. The "returnto" parameter of account_change.php is vulnerable to an open redirect, a different vulnerability than CVE-2018-15683.

  • CVE-2018-16954 | Med | Sep 18, 2018
    risk 0.40 | cvss 6.1 | epss 0.01

    An issue was discovered in Oracle WebCenter Interaction Portal 10.3.3. The login function of the portal is vulnerable to insecure redirection (also called an open redirect). The in_hi_redirect parameter is not validated by the application after a successful login. NOTE: this CVE…

  • CVE-2018-17074 | Med | Sep 16, 2018
    risk 0.40 | cvss 6.1 | epss 0.01

    The Feed Statistics plugin before 4.0 for WordPress has an Open Redirect via the feed-stats-url parameter.

  • CVE-2018-5548 | Med | Sep 13, 2018
    risk 0.40 | cvss 6.1 | epss 0.01

    On BIG-IP APM 11.6.0-11.6.3, an insecure AES ECB mode is used for orig_uri parameter in an undisclosed /vdesk link of APM virtual server configured with an access profile, allowing a malicious user to build a redirect URI value using different blocks of cipher texts.

  • CVE-2018-16761 | Med | Sep 9, 2018
    risk 0.40 | cvss 6.1 | epss 0.02

    Eventum before 3.4.0 has an open redirect vulnerability.

  • CVE-2018-14398 | Med | Sep 7, 2018
    risk 0.40 | cvss 6.1 | epss 0.01

    An issue was discovered in Creme CRM 1.6.12. The value of the cancel button uses the content of the HTTP Referer header, and could be used to trick a user into visiting a fake login page in order to steal credentials.

  • CVE-2018-14366 | Med | Sep 6, 2018
    risk 0.40 | cvss 6.1 | epss 0.01

    download.cgi in Pulse Secure Pulse Connect Secure 8.1RX before 8.1R13 and 8.3RX before 8.3R4 and Pulse Policy Secure through 5.2RX before 5.2R10 and 5.4RX before 5.4R4 have an Open Redirect Vulnerability.

  • CVE-2018-1000671 | Med | Sep 6, 2018
    risk 0.40 | cvss 6.1 | epss 0.04

    sympa version 6.2.16 and later contains a CWE-601: URL Redirection to Untrusted Site ('Open Redirect') vulnerability in the "referer" parameter of the wwsympa.fcgi login action that can result in open redirection and reflected XSS via data URIs. This attack appears to be…

  • CVE-2018-15683 | Med | Sep 5, 2018
    risk 0.40 | cvss 6.1 | epss 0.01

    An issue was discovered in BTITeam XBTIT. The "returnto" parameter of the login page is vulnerable to an open redirect due to a lack of validation. If a user is already logged in when accessing the page, they will be instantly redirected.

  • CVE-2018-7692 | Med | Aug 9, 2018
    risk 0.40 | cvss 6.1 | epss 0.01

    Unvalidated redirect vulnerability in NetIQ eDirectory before 9.1.1 HF1.

  • CVE-2018-7091 | Med | Aug 6, 2018
    risk 0.40 | cvss 6.1 | epss 0.01

    HPE XP P9000 Command View Advanced Edition Software (CVAE) has open URL redirection vulnerability in versions 7.0.0-00 to earlier than 8.60-00 of DevMgr, TSMgr and RepMgr.

  • CVE-2013-0594 | Med | Jul 11, 2018
    risk 0.40 | cvss 6.1 | epss 0.01

    Open redirect vulnerability in IBM iNotes before 8.5.3 Fix Pack 6 and 9.x before 9.0.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. IBM X-Force ID: 83383.

  • CVE-2018-1355 | Med | Jun 27, 2018
    risk 0.40 | cvss 6.1 | epss 0.02

    An open redirect vulnerability in Fortinet FortiManager 6.0.0, 5.6.5 and below versions, FortiAnalyzer 6.0.0, 5.6.5 and below versions allows an attacker to inject script code while converting an HTML table to a PDF document under the FortiView feature. An attacker may be able to…

  • CVE-2017-16652 | Med | Jun 13, 2018
    risk 0.40 | cvss 6.1 | epss 0.01

    An issue was discovered in Symfony 2.7.x before 2.7.38, 2.8.x before 2.8.31, 3.2.x before 3.2.14, and 3.3.x before 3.3.13. DefaultAuthenticationSuccessHandler or DefaultAuthenticationFailureHandler takes the content of the _target_path parameter and generates a redirect…

  • CVE-2017-5389 | Med | Jun 11, 2018
    risk 0.40 | cvss 6.1 | epss 0.01

    WebExtensions could use the "mozAddonManager" API by modifying the CSP headers on sites with the appropriate permissions and then using host requests to redirect script loads to a malicious site. This allows a malicious extension to then install additional extensions without…

  • CVE-2017-16224 | Med | Jun 7, 2018
    risk 0.40 | cvss 6.1 | epss 0.01

    st is a module for serving static files. An attacker is able to craft a request that results in an HTTP 301 (redirect) to an entirely different domain. A request for: http://some.server.com//nodesecurity.org/%2e%2e would result in a 301 to //nodesecurity.org/%2e%2e which most…

  • CVE-2018-10651 | Med | May 23, 2018
    risk 0.40 | cvss 6.1 | epss 0.01

    There are Open Redirect Vulnerabilities in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3.