CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Related To CWE-601

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2021-43058 601 2021-11-01 2021-11-02
5.8
None Remote Medium Not required Partial Partial None
An open redirect vulnerability exists in Replicated Classic versions prior to 2.53.1 that could lead to spoofing. To exploit this vulnerability, an attacker could send a link that has a specially crafted URL and convince the user to click the link, redirecting the user to an untrusted site.
2 CVE-2021-41826 601 2021-09-30 2021-10-07
5.8
None Remote Medium Not required Partial Partial None
PlaceOS Authentication Service before 1.29.10.0 allows app/controllers/auth/sessions_controller.rb open redirect.
3 CVE-2021-41733 601 2021-11-08 2021-11-09
5.8
None Remote Medium Not required Partial Partial None
Oppia 3.1.4 does not verify that certain URLs are valid before navigating to them.
4 CVE-2021-39501 601 2021-09-07 2021-09-10
5.8
None Remote Medium Not required Partial Partial None
EyouCMS 1.5.4 is vulnerable to Open Redirect. An attacker can redirect a user to a malicious url via the Logout function.
5 CVE-2021-39191 601 2021-09-03 2021-09-08
5.8
None Remote Medium Not required Partial Partial None
mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. In versions prior to 2.4.9.4, the 3rd-party init SSO functionality of mod_auth_openidc was reported to be vulnerable to an open redirect attack by supplying a crafted URL in the `target_link_uri` parameter. A patch in version 2.4.9.4 made it so that the `OIDCRedirectURLsAllowed` setting must be applied to the `target_link_uri` parameter. There are no known workarounds aside from upgrading to a patched version.
6 CVE-2021-39112 601 2021-08-25 2021-08-30
4.9
None Remote Medium ??? Partial Partial None
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to redirect users to a malicious URL via a reverse tabnapping vulnerability in the Project Shortcuts feature. The affected versions are before version 8.5.15, from version 8.6.0 before 8.13.7, from version 8.14.0 before 8.17.1, and from version 8.18.0 before 8.18.1.
7 CVE-2021-38343 601 2021-08-30 2021-09-02
5.8
None Remote Medium Not required Partial Partial None
The Nested Pages WordPress plugin <= 3.1.15 was vulnerable to an Open Redirect via the `page` POST parameter in the `npBulkActions`, `npBulkEdit`, `npListingSort`, and `npCategoryFilter` `admin_post` actions.
8 CVE-2021-38123 601 2021-09-07 2021-09-14
5.8
None Remote Medium Not required Partial Partial None
Open Redirect vulnerability in Micro Focus Network Automation, affecting Network Automation versions 10.4x, 10.5x, 2018.05, 2018.11, 2019.05, 2020.02, 2020.08, 2020.11, 2021.05. The vulnerability could allow redirect users to malicious websites after authentication.
9 CVE-2021-37746 601 2021-07-30 2021-09-20
5.8
None Remote Medium Not required Partial Partial None
textview_uri_security_check in textview.c in Claws Mail before 3.18.0, and Sylpheed through 3.7.0, does not have sufficient link checks before accepting a click.
10 CVE-2021-37699 601 2021-08-12 2021-08-20
5.8
None Remote Medium Not required Partial Partial None
Next.js is an open source website development framework to be used with the React library. In affected versions specially encoded paths could be used when pages/_error.js was statically generated allowing an open redirect to occur to an external site. In general, this redirect does not directly harm users although can allow for phishing attacks by redirecting to an attacker's domain from a trusted domain. We recommend everyone to upgrade regardless of whether you can reproduce the issue or not. The issue has been patched in release 11.1.0.
11 CVE-2021-37352 601 2021-08-13 2021-08-23
5.8
None Remote Medium Not required Partial Partial None
An open redirect vulnerability exists in Nagios XI before version 5.8.5 that could lead to spoofing. To exploit the vulnerability, an attacker could send a link that has a specially crafted URL and convince the user to click the link.
12 CVE-2021-36332 601 2021-11-23 2021-11-27
4.9
None Remote Medium ??? Partial Partial None
Dell EMC CloudLink 7.1 and all prior versions contain a HTML and Javascript Injection Vulnerability. A remote low privileged attacker, may potentially exploit this vulnerability, directing end user to arbitrary and potentially malicious websites.
13 CVE-2021-35966 601 2021-07-19 2021-07-28
5.8
None Remote Medium Not required Partial Partial None
The specific function of the Orca HCM digital learning platform does not filter input parameters properly, which causing the URL can be redirected to any website. Remote attackers can use the vulnerability to execute phishing attacks.
14 CVE-2021-35206 601 2021-06-22 2021-06-24
5.8
None Remote Medium Not required Partial Partial None
Gitpod before 0.6.0 allows unvalidated redirects.
15 CVE-2021-35205 601 2021-09-30 2021-10-04
4.9
None Remote Medium ??? Partial Partial None
NETSCOUT Systems nGeniusONE version 6.3.0 build 1196 allows URL redirection in redirector.
16 CVE-2021-35037 601 2021-07-12 2021-07-22
5.8
None Remote Medium Not required Partial Partial None
Jamf Pro before 10.30.1 allows for an unvalidated URL redirect vulnerability affecting Jamf Pro customers who host their environments on-premises. An attacker may craft a URL that appears to be for a customer's Jamf Pro instance, but when clicked will forward a user to an arbitrary URL that may be malicious. This is tracked via Jamf with the following ID: PI-009822
17 CVE-2021-34807 601 2021-07-02 2021-07-08
5.8
None Remote Medium Not required Partial Partial None
An open redirect vulnerability exists in the /preauth Servlet in Zimbra Collaboration Suite through 9.0. To exploit the vulnerability, an attacker would need to have obtained a valid zimbra auth token or a valid preauth token. Once the token is obtained, an attacker could redirect a user to any URL via isredirect=1&redirectURL= in conjunction with the token data (e.g., a valid authtoken= value).
18 CVE-2021-34772 601 2021-10-06 2021-10-14
5.8
None Remote Medium Not required Partial Partial None
A vulnerability in the web-based management interface of Cisco Orbital could allow an unauthenticated, remote attacker to redirect users to a malicious webpage. This vulnerability is due to improper validation of URL paths in the web-based management interface. An attacker could exploit this vulnerability by persuading a user to click a crafted URL. A successful exploit could allow the attacker to redirect a user to a malicious website. This vulnerability, known as an open redirect attack, is used in phishing attacks to persuade users to visit malicious sites.
19 CVE-2021-34254 601 2021-06-28 2021-07-02
5.8
None Remote Medium Not required Partial Partial None
Umbraco CMS before 7.15.7 is vulnerable to Open Redirection due to insufficient url sanitization on booting.aspx.
20 CVE-2021-33707 601 2021-08-10 2021-08-17
5.8
None Remote Medium Not required Partial Partial None
SAP NetWeaver Knowledge Management allows remote attackers to redirect users to arbitrary websites and conduct phishing attacks via a URL stored in a component. This could enable the attacker to compromise the user's confidentiality and integrity.
21 CVE-2021-33331 601 2021-08-03 2021-08-11
5.8
None Remote Medium Not required Partial Partial None
Open redirect vulnerability in the Notifications module in Liferay Portal 7.0.0 through 7.3.1, and Liferay DXP 7.0 before fix pack 94, 7.1 before fix pack 19 and 7.2 before fix pack 8, allows remote attackers to redirect users to arbitrary external URLs via the 'redirect' parameter.
22 CVE-2021-32956 601 2021-06-18 2021-06-24
5.8
None Remote Medium Not required Partial Partial None
Advantech WebAccess/SCADA Versions 9.0.1 and prior is vulnerable to redirection, which may allow an attacker to send a maliciously crafted URL that could result in redirecting a user to a malicious webpage.
23 CVE-2021-32806 601 2021-08-02 2021-09-20
5.8
None Remote Medium Not required Partial Partial None
Products.isurlinportal is a replacement for isURLInPortal method in Plone. Versions of Products.isurlinportal prior to 1.2.0 have an Open Redirect vulnerability. Various parts of Plone use the 'is url in portal' check for security, mostly to see if it is safe to redirect to a url. A url like `https://example.org` is not in the portal. The url `https:example.org` without slashes is considered to be in the portal. When redirecting, some browsers go to `https://example.org`, others give an error. Attackers may use this to redirect victims to their site, especially as part of a phishing attack. The problem has been patched in Products.isurlinportal 1.2.0.
24 CVE-2021-32805 601 2021-09-08 2021-09-15
5.8
None Remote Medium Not required Partial Partial None
Flask-AppBuilder is an application development framework, built on top of Flask. In affected versions if using Flask-AppBuilder OAuth, an attacker can share a carefully crafted URL with a trusted domain for an application built with Flask-AppBuilder, this URL can redirect a user to a malicious site. This is an open redirect vulnerability. To resolve this issue upgrade to Flask-AppBuilder 3.2.2 or above. If upgrading is infeasible users may filter HTTP traffic containing `?next={next-site}` where the `next-site` domain is different from the application you are protecting as a workaround.
25 CVE-2021-32786 601 Bypass 2021-07-22 2021-10-18
5.8
None Remote Medium Not required Partial Partial None
mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. In versions prior to 2.4.9, `oidc_validate_redirect_url()` does not parse URLs the same way as most browsers do. As a result, this function can be bypassed and leads to an Open Redirect vulnerability in the logout functionality. This bug has been fixed in version 2.4.9 by replacing any backslash of the URL to redirect with slashes to address a particular breaking change between the different specifications (RFC2396 / RFC3986 and WHATWG). As a workaround, this vulnerability can be mitigated by configuring `mod_auth_openidc` to only allow redirection whose destination matches a given regular expression.
26 CVE-2021-32721 601 2021-06-29 2021-07-06
5.8
None Remote Medium Not required Partial Partial None
PowerMux is a drop-in replacement for Go's http.ServeMux. In PowerMux versions prior to 1.1.1, attackers may be able to craft phishing links and other open redirects by exploiting the trailing slash redirection feature. This may lead to users being redirected to untrusted sites after following an attacker crafted link. The issue is resolved in v1.1.1. There are no existing workarounds.
27 CVE-2021-32645 601 2021-05-27 2021-06-08
5.8
None Remote Medium Not required Partial Partial None
Tenancy multi-tenant is an open source multi-domain controller for the Laravel web framework. In some situations, it is possible to have open redirects where users can be redirected from your site to any other site using a specially crafted URL. This is only the case for installations where the default Hostname Identification is used and the environment uses tenants that have `force_https` set to `true` (default: `false`). Version 5.7.2 contains the relevant patches to fix this bug. Stripping the URL from special characters to prevent specially crafted URL's from being redirected to. As a work around users can set the `force_https` to every tenant to `false`, however this may degrade connection security.
28 CVE-2021-32618 601 2021-05-17 2021-05-26
5.8
None Remote Medium Not required Partial Partial None
The Python "Flask-Security-Too" package is used for adding security features to your Flask application. It is an is an independently maintained version of Flask-Security based on the 3.0.0 version of Flask-Security. All versions of Flask-Security-Too allow redirects after many successful views (e.g. /login) by honoring the ?next query param. There is code in FS to validate that the url specified in the next parameter is either relative OR has the same netloc (network location) as the requesting URL. This check utilizes Pythons urlsplit library. However many browsers are very lenient on the kind of URL they accept and 'fill in the blanks' when presented with a possibly incomplete URL. As a concrete example - setting http://login?next=\\\github.com will pass FS's relative URL check however many browsers will gladly convert this to http://github.com. Thus an attacker could send such a link to an unwitting user, using a legitimate site and have it redirect to whatever site they want. This is considered a low severity due to the fact that if Werkzeug is used (which is very common with Flask applications) as the WSGI layer, it by default ALWAYS ensures that the Location header is absolute - thus making this attack vector mute. It is possible for application writers to modify this default behavior by setting the 'autocorrect_location_header=False`.
29 CVE-2021-31879 601 2021-04-29 2021-06-18
5.8
None Remote Medium Not required Partial Partial None
GNU Wget through 1.21.1 does not omit the Authorization header upon a redirect to a different origin, a related issue to CVE-2018-1000007.
30 CVE-2021-31252 601 2021-06-04 2021-06-08
5.8
None Remote Medium Not required Partial Partial None
An open redirect vulnerability exists in BF-630, BF-450M, BF-430, BF-431, BF631-W, BF830-W, Webpass, and SEMAC devices from CHIYU Technology that can be exploited by sending a link that has a specially crafted URL to convince the user to click on it.
31 CVE-2021-30888 601 +Info 2021-08-24 2021-11-02
4.3
None Remote Medium Not required Partial None None
An information leakage issue was addressed. This issue is fixed in iOS 15.1 and iPadOS 15.1, macOS Monterey 12.0.1, iOS 14.8.1 and iPadOS 14.8.1, tvOS 15.1, watchOS 8.1. A malicious website using Content Security Policy reports may be able to leak information via redirect behavior .
32 CVE-2021-29652 601 2021-04-02 2021-04-06
5.8
None Remote Medium Not required Partial Partial None
Pomerium from version 0.10.0-0.13.3 has an Open Redirect in the user sign-in/out process
33 CVE-2021-29651 601 2021-04-02 2021-04-06
5.8
None Remote Medium Not required Partial Partial None
Pomerium before 0.13.4 has an Open Redirect (issue 1 of 2).
34 CVE-2021-29622 601 2021-05-19 2021-05-26
5.8
None Remote Medium Not required Partial Partial None
Prometheus is an open-source monitoring system and time series database. In 2.23.0, Prometheus changed its default UI to the New ui. To ensure a seamless transition, the URL's prefixed by /new redirect to /. Due to a bug in the code, it is possible for an attacker to craft an URL that can redirect to any other URL, in the /new endpoint. If a user visits a prometheus server with a specially crafted address, they can be redirected to an arbitrary URL. The issue was patched in the 2.26.1 and 2.27.1 releases. In 2.28.0, the /new endpoint will be removed completely. The workaround is to disable access to /new via a reverse proxy in front of Prometheus.
35 CVE-2021-29456 601 2021-04-21 2021-04-27
4.9
None Remote Medium ??? Partial Partial None
Authelia is an open-source authentication and authorization server providing 2-factor authentication and single sign-on (SSO) for your applications via a web portal. In versions 4.27.4 and earlier, utilizing a HTTP query parameter an attacker is able to redirect users from the web application to any domain, including potentially malicious sites. This security issue does not directly impact the security of the web application itself. As a workaround, one can use a reverse proxy to strip the query parameter from the affected endpoint. There is a patch for version 4.28.0.
36 CVE-2021-29137 601 2021-04-29 2021-05-03
5.8
None Remote Medium Not required Partial Partial None
A remote URL redirection vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. Aruba has released patches for AirWave Management Platform that address this security vulnerability.
37 CVE-2021-27612 601 2021-05-11 2021-06-29
5.8
None Remote Medium Not required Partial Partial None
In specific situations SAP GUI for Windows until and including 7.60 PL9, 7.70 PL0, forwards a user to specific malicious website which could contain malware or might lead to phishing attacks to steal credentials of the victim.
38 CVE-2021-27404 601 2021-02-19 2021-02-25
5.8
None Remote Medium Not required Partial Partial None
Askey RTF8115VW BR_SV_g11.11_RTF_TEF001_V6.54_V014 devices allow injection of a Host HTTP header.
39 CVE-2021-27352 601 2021-03-29 2021-06-03
4.9
None Remote Medium ??? Partial Partial None
An open redirect vulnerability in Ilch CMS version 2.1.42 allows attackers to redirect users to an attacker's site after a successful login.
40 CVE-2021-25757 601 2021-02-03 2021-02-04
5.8
None Remote Medium Not required Partial Partial None
In JetBrains Hub before 2020.1.12629, an open redirect was possible.
41 CVE-2021-25737 601 2021-09-06 2021-10-07
4.9
None Remote Medium ??? Partial Partial None
A security issue was discovered in Kubernetes where a user may be able to redirect pod traffic to private networks on a Node. Kubernetes already prevents creation of Endpoint IPs in the localhost or link-local range, but the same validation was not performed on EndpointSlice IPs.
42 CVE-2021-25655 601 2021-06-24 2021-06-30
5.8
None Remote Medium Not required Partial Partial None
A vulnerability in the system Service Menu component of Avaya Aura Experience Portal may allow URL Redirection to any untrusted site through a crafted attack. Affected versions include 7.0 through 7.2.3 (without hotfix) and 8.0.0 (without hotfix).
43 CVE-2021-24406 601 2021-07-06 2021-07-09
5.8
None Remote Medium Not required Partial Partial None
The wpForo Forum WordPress plugin before 1.9.7 did not validate the redirect_to parameter in the login form of the forum, leading to an open redirect issue after a successful login. Such issue could allow an attacker to induce a user to use a login URL redirecting to a website under their control and being a replica of the legitimate one, asking them to re-enter their credentials (which will then in the attacker hands)
44 CVE-2021-24358 601 2021-06-14 2021-06-18
5.8
None Remote Medium Not required Partial Partial None
The Plus Addons for Elementor Page Builder WordPress plugin before 4.1.10 did not validate a redirect parameter on a specifically crafted URL before redirecting the user to it, leading to an Open Redirect issue.
45 CVE-2021-24288 601 2021-05-17 2021-05-25
5.8
None Remote Medium Not required Partial Partial None
When subscribing using AcyMailing, the 'redirect' parameter isn't properly sanitized. Turning the request from POST to GET, an attacker can craft a link containing a potentially malicious landing page and send it to the victim.
46 CVE-2021-24210 601 2021-04-05 2021-04-12
5.8
None Remote Medium Not required Partial Partial None
There is an open redirect in the PhastPress WordPress plugin before 1.111 that allows an attacker to malform a request to a page with the plugin and then redirect the victim to a malicious page. There is also a support comment from another user one year ago (https://wordpress.org/support/topic/phast-php-used-for-remote-fetch/) that says that the php involved in the request only go to whitelisted pages but it's possible to redirect the victim to any domain.
47 CVE-2021-24165 601 2021-04-05 2021-04-09
5.8
None Remote Medium Not required Partial Partial None
In the Ninja Forms Contact Form WordPress plugin before 3.4.34, the wp_ajax_nf_oauth_connect AJAX action was vulnerable to open redirect due to the use of a user supplied redirect parameter and no protection in place.
48 CVE-2021-23888 601 2021-03-26 2021-07-02
4.9
None Remote Medium ??? Partial Partial None
Unvalidated client-side URL redirect vulnerability in McAfee ePolicy Orchestrator (ePO) prior to 5.10 Update 10 could cause an authenticated ePO user to load an untrusted site in an ePO iframe which could steal information from the authenticated user.
49 CVE-2021-23435 601 2021-09-12 2021-09-23
5.8
None Remote Medium Not required Partial Partial None
This affects the package clearance before 2.5.0. The vulnerability can be possible when users are able to set the value of session[:return_to]. If the value used for return_to contains multiple leading slashes (/////example.com) the user ends up being redirected to the external domain that comes after the slashes (http://example.com).
50 CVE-2021-23401 601 Bypass 2021-07-05 2021-07-08
5.8
None Remote Medium Not required Partial Partial None
This affects all versions of package Flask-User. When using the make_safe_url function, it is possible to bypass URL validation and redirect a user to an arbitrary URL by providing multiple back slashes such as /////evil.com/path or \\\evil.com/path. This vulnerability is only exploitable if an alternative WSGI server other than Werkzeug is used, or the default behaviour of Werkzeug is modified using 'autocorrect_location_header=False.
Total number of vulnerabilities : 520   Page : 1 (This Page)2 3 4 5 6 7 8 9 10 11
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.