CWE-601 — URL Redirection to Untrusted Site (Open Redirect)
1,356 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE.
CVEs classified under CWE-601 (page 7 of 28)
- CVE-2020-25846 (HIGH, CVSS 7.5, EG 7.5, 2020-12-31)
The digest generation function of NHIServiSignAdapter does not verify the source file path, which allows the SMB request to be redirected to a malicious host, resulting in leakage of the user's credentials.
- CVE-2020-25901 (MEDIUM, CVSS 6.1, EG 6.1, 2020-12-18)
Host header injection in Spiceworks 7.5.7.0 allows an attacker to render arbitrary links that point to a malicious website in pages generated from the poisoned Host header.
- CVE-2020-26161 (MEDIUM, CVSS 6.1, EG 6.1, 2020-10-26)
In Octopus Deploy through 2020.4.2, an attacker could redirect users to an external site via a modified HTTP Host header.
- CVE-2020-26215 (MEDIUM, CVSS 4.4, EG 4.4, 2020-11-18)
Jupyter Notebook before version 6.1.5 has an Open redirect vulnerability. A maliciously crafted link to a notebook server could redirect the browser to a different website. All notebook servers are technically affected, however, these mali…
- CVE-2020-26219 (MEDIUM, CVSS 4.7, EG 4.7, 2020-11-11)
touchbase.ai before version 2.0 is vulnerable to Open Redirect. Impacts can be many, and vary from theft of information and credentials, to the redirection to malicious websites containing attacker-controlled content, which in some cases e…
- CVE-2020-26232 (MEDIUM, CVSS 4.1, EG 4.1, 2020-11-24)
Jupyter Server before version 1.0.6 has an Open redirect vulnerability. A maliciously crafted link to a jupyter server could redirect the browser to a different website. All jupyter servers are technically affected, however, these maliciou…
- CVE-2020-26275 (MEDIUM, CVSS 6.1, EG 6.1, 2020-12-21)
The Jupyter Server provides the backend (i.e. the core services, APIs, and REST endpoints) for Jupyter web applications like Jupyter notebook, JupyterLab, and Voila. In Jupyter Server before version 1.1.1, an open redirect vulnerability co…
- CVE-2020-26836 (MEDIUM, CVSS 6.1, EG 6.1, 2020-12-09)
SAP Solution Manager (Trace Analysis), version - 720, allows for misuse of a parameter in the application URL leading to Open Redirect vulnerability, an attacker can enter a link to malicious site which could trick the user to enter creden…
- CVE-2020-26877 (MEDIUM, CVSS 6.1, EG 6.1, 2022-06-29)
ApiFest OAuth 2.0 Server 0.3.1 does not validate the redirect URI in accordance with RFC 6749 and is susceptible to an open redirector attack. Specifically, it directly sends an authorization code to the redirect URI submitted with the aut…
- CVE-2020-26938 (HIGH, CVSS 7.2, EG 7.2, 2022-08-29)
In oauth2-server (aka node-oauth2-server) through 3.1.1, the value of the redirect_uri parameter received during the authorization and token request is checked against an incorrect URI pattern ("[a-zA-Z][a-zA-Z0-9+.-]+:") before making a r…
- CVE-2020-26979 (MEDIUM, CVSS 6.1, EG 6.1, 2021-01-07)
When a user typed a URL in the address bar or the search bar and quickly hit the enter key, a website could sometimes capture that event and then redirect the user before navigation occurred to the desired, entered address. To construct a …
- CVE-2020-27340 (MEDIUM, CVSS 6.1, EG 6.1, 2020-12-18)
The online help portal of Mitel MiCollab before 9.2 could allow an attacker to redirect a user to an unauthorized website by executing malicious script due to insufficient access control.
- CVE-2020-27729 (MEDIUM, CVSS 6.1, EG 6.1, 2020-12-24)
In versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, 14.1.0-14.1.3, 13.1.0-13.1.3.4, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2, an undisclosed link on the BIG-IP APM virtual server allows a malicious user to build an open redirect URI.
- CVE-2020-27816 (MEDIUM, CVSS 6.1, EG 6.1, 2020-12-02)
The elasticsearch-operator does not validate the namespace where kibana logging resource is created and due to that it is possible to replace the original openshift-logging console link (kibana console) to different one, created based on t…
- CVE-2020-28150 (MEDIUM, CVSS 6.1, EG 6.1, 2021-03-09)
I-Net Software Clear Reports 20.10.136 web application accepts a user-controlled input that specifies a link to an external site, and uses the user supplied data in a Redirect.
- CVE-2020-28724 (MEDIUM, CVSS 6.1, EG 6.1, 2020-11-18)
Open redirect vulnerability in werkzeug before 0.11.6 via a double slash in the URL.
- CVE-2020-28726 (MEDIUM, CVSS 6.1, EG 6.1, 2020-11-24)
Open redirect in SeedDMS 6.0.13 via the dropfolderfileform1 parameter to out/out.AddDocument.php.
- CVE-2020-29498 (MEDIUM, CVSS 6.1, EG 6.1, 2021-01-04)
Dell Wyse Management Suite versions prior to 3.1 contain an open redirect vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to redirect application users to arbitrary web URLs by tricking the vic…
- CVE-2020-29537 (MEDIUM, CVSS 4.6, EG 4.6, 2021-01-29)
Archer before 6.8 P2 (6.8.0.2) is affected by an open redirect vulnerability. A remote privileged attacker may potentially redirect legitimate users to arbitrary web sites and conduct phishing attacks. The attacker could then steal the vic…
- CVE-2020-29565 (MEDIUM, CVSS 6.1, EG 6.1, 2020-12-04)
An issue was discovered in OpenStack Horizon before 15.3.2, 16.x before 16.2.1, 17.x and 18.x before 18.3.3, 18.4.x, and 18.5.x. There is a lack of validation of the "next" parameter, which would allow someone to supply a malicious URL in …
- CVE-2020-3178 (MEDIUM, CVSS 6.1, EG 6.1, 2020-05-06)
Multiple vulnerabilities in the web-based GUI of Cisco AsyncOS Software for Cisco Content Security Management Appliance (SMA) could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. The vulnerabilities a…
- CVE-2020-3311 (MEDIUM, CVSS 6.1, EG 6.1, 2020-05-06)
A vulnerability in the web interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. The vulnerability is due to improper input validation of H…
- CVE-2020-3337 (MEDIUM, CVSS 6.1, EG 6.1, 2020-06-18)
A vulnerability in the web server of Cisco Umbrella could allow an unauthenticated, remote attacker to redirect a user to an undesired web page. The vulnerability is due to improper input validation of the URL parameters in an HTTP request…
- CVE-2020-35560 (MEDIUM, CVSS 6.1, EG 6.1, 2021-02-16)
An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. There is an unauthenticated open redirect in the redirect.php.
- CVE-2020-3558 (MEDIUM, CVSS 4.7, EG 6.1, 2020-10-21)
A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. The vulnerability is due to improper inpu…
- CVE-2020-35678 (MEDIUM, CVSS 6.1, EG 6.1, 2020-12-27)
Autobahn|Python before 20.12.3 allows redirect header injection.
- CVE-2020-36365 (MEDIUM, CVSS 6.1, EG 6.1, 2021-05-19)
Smartstore (aka SmartStoreNET) before 4.1.0 allows open redirect via CommonController.ClearCache, ClearDatabaseCache, RestartApplication, and ScheduleTaskController.Edit.
- CVE-2020-36627 (MEDIUM, CVSS 5.5, EG 5.5, 2022-12-25)
A vulnerability was found in Macaron i18n. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file i18n.go. The manipulation leads to open redirect. The attack can be launched remotely. U…
- CVE-2020-36663 (MEDIUM, CVSS 5.5, EG 5.5, 2023-03-04)
A vulnerability, which was classified as problematic, was found in Artesãos SEOTools up to 0.17.1. This affects the function makeTag of the file OpenGraph.php. The manipulation of the argument value leads to open redirect. Upgrading to ve…
- CVE-2020-36664 (MEDIUM, CVSS 5.5, EG 5.5, 2023-03-04)
A vulnerability has been found in Artesãos SEOTools up to 0.17.1 and classified as problematic. This vulnerability affects the function setTitle of the file SEOMeta.php. The manipulation of the argument title leads to open redirect. Upgra…
- CVE-2020-36665 (MEDIUM, CVSS 5.5, EG 5.5, 2023-03-04)
A vulnerability was found in Artesãos SEOTools up to 0.17.1 and classified as critical. This issue affects the function eachValue of the file TwitterCards.php. The manipulation of the argument value leads to open redirect. Upgrading to ve…
- CVE-2020-36845 (MEDIUM, CVSS 5.3, EG 5.3, 2025-04-20)
The KnowBe4 Security Awareness Training application before 2020-01-10 contains a redirect function that does not validate the destination URL before redirecting. The response has a SCRIPT element that sets window.location.href to an arbitr…
- CVE-2020-36912 (CRITICAL, CVSS 9.8, EG 9.8, 2026-01-06)
Plexus anblick Digital Signage Management 3.1.13 contains an open redirect vulnerability in the 'PantallaLogin' script that allows attackers to manipulate the 'pagina' GET parameter. Attackers can craft malicious links that redirect users …
- CVE-2020-3954 (MEDIUM, CVSS 6.1, EG 6.1, 2020-04-15)
Open redirect vulnerability exists in VMware vRealize Log Insight prior to 8.1.0 due to improper input validation.
- CVE-2020-4037 (MEDIUM, CVSS 4.3, EG 4.3, 2020-06-29)
In OAuth2 Proxy from version 5.1.1 and less than version 6.0.0, users can provide a redirect address for the proxy to send the authenticated user to at the end of the authentication flow. This is expected to be the original URL that the us…
- CVE-2020-4048 (MEDIUM, CVSS 5.7, EG 5.7, 2020-06-12)
In affected versions of WordPress, due to an issue in wp_validate_redirect() and URL sanitization, an arbitrary external link can be crafted leading to unintended/open redirect when clicked. This has been patched in version 5.4.2, along wi…
- CVE-2020-4409 (HIGH, CVSS 8.2, EG 8.2, 2020-09-16)
IBM Maximo Asset Management 7.6.0 and 7.6.1 could allow a remote attacker to conduct phishing attacks, using a tabnabbing attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerabil…
- CVE-2020-4598 (MEDIUM, CVSS 6.1, EG 6.1, 2020-08-24)
IBM Security Guardium Insights 2.0.1 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability…
- CVE-2020-4653 (MEDIUM, CVSS 6.1, EG 6.1, 2020-08-19)
IBM Planning Analytics 2.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof …
- CVE-2020-4840 (MEDIUM, CVSS 6.1, EG 6.1, 2020-12-21)
IBM Security Secret Server 10.6 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to s…
- CVE-2020-4849 (MEDIUM, CVSS 6.1, EG 6.1, 2020-12-15)
IBM Tivoli Netcool Impact 7.1.0.0 through 7.1.0.19 Interim Fix 7 could allow a remote attacker to bypass security restrictions, caused by a reverse tabnabbing flaw. An attacker could exploit this vulnerability and redirect a victim to a ph…
- CVE-2020-5233 (MEDIUM, CVSS 5.9, EG 5.9, 2020-01-30)
OAuth2 Proxy before 5.0 has an open redirect vulnerability. Authentication tokens could be silently harvested by an attacker. This has been patched in version 5.0.
- CVE-2020-5270 (MEDIUM, CVSS 4.1, EG 4.1, 2020-04-20)
In PrestaShop between versions 1.7.6.0 and 1.7.6.5, there is an open redirection when using back parameter. The impacts can be many, and vary from the theft of information and credentials to the redirection to malicious websites containing…
- CVE-2020-5329 (MEDIUM, CVSS 6.1, EG 6.1, 2021-07-29)
Dell EMC Avamar Server contains an open redirect vulnerability. A remote unauthenticated attacker may exploit this vulnerability to redirect application users to arbitrary web URLs by tricking the victim users to click on maliciously craft…
- CVE-2020-5337 (MEDIUM, CVSS 4.6, EG 4.6, 2020-05-04)
RSA Archer, versions prior to 6.7 P1 (6.7.0.1), contain a URL redirection vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to redirect application users to arbitrary web URLs by tricking the vic…
- CVE-2020-5409 (MEDIUM, CVSS 6.1, EG 6.1, 2020-05-14)
Pivotal Concourse, most versions prior to 6.0.0, allows redirects to untrusted websites in its login flow. A remote unauthenticated attacker could convince a user to click on a link using the OAuth redirect link with an untrusted website a…
- CVE-2020-5541 (MEDIUM, CVSS 6.1, EG 6.1, 2020-08-25)
Open redirect vulnerability in CyberMail Ver.6.x and Ver.7.x allows remote attackers to redirect users to arbitrary sites and conduct phishing attacks via a specially crafted URL.
- CVE-2020-5607 (MEDIUM, CVSS 6.1, EG 6.1, 2020-07-10)
Open redirect vulnerability in SHIRASAGI v1.13.1 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
- CVE-2020-5623 (MEDIUM, CVSS 6.1, EG 6.1, 2020-08-28)
NITORI App for Android versions 6.0.4 and earlier and NITORI App for iOS versions 6.0.2 and earlier allow remote attackers to lead a user to access an arbitrary website via the vulnerable App. As a result, the user may become a victim of a…
- CVE-2020-5627 (MEDIUM, CVSS 6.1, EG 6.1, 2020-09-09)
Yodobashi App for Android versions 1.8.7 and earlier allows remote attackers to lead a user to access an arbitrary website via the vulnerable App. As a result, the user may become a victim of a phishing attack.