CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities Related To CWE-601

Columns: entry number, CVE ID, CWE ID, publish date, update date, CVSS score, gained access level, access vector, access complexity, authentication, confidentiality/integrity/availability impact. The "# of Exploits" and "Vulnerability Type(s)" columns are empty for every entry on this page. Entries with score 0.0 have no CVSS metrics recorded yet; only the gained access level (None) is filled in for them.

1. CVE-2023-22958 (CWE-601) | published 2023-01-11, updated 2023-01-23 | score 0.0, gained access: None, other CVSS metrics not recorded
   The Syracom Secure Login plugin before 3.1.1.0 for Jira may allow spoofing of 2FA PIN validation via the plugins/servlet/twofactor/public/pinvalidation target parameter.

2. CVE-2023-22298 (CWE-601) | published 2023-01-17, updated 2023-01-24 | score 0.0, gained access: None, other CVSS metrics not recorded
   Open redirect vulnerability in pgAdmin 4 versions prior to v6.14 allows a remote unauthenticated attacker to redirect a user to an arbitrary web site and conduct a phishing attack by having a user access a specially crafted URL.

3. CVE-2023-0042 (CWE-601) | published 2023-01-12, updated 2023-01-20 | score 0.0, gained access: None, other CVSS metrics not recorded
   An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.4 prior to 15.5.7, 15.6 prior to 15.6.4, and 15.7 prior to 15.7.2. GitLab Pages allows redirection to arbitrary protocols.

4. CVE-2022-47500 (CWE-601) | published 2022-12-19, updated 2022-12-24 | score 0.0, gained access: None, other CVSS metrics not recorded
   URL Redirection to Untrusted Site ('Open Redirect') vulnerability in the Apache Software Foundation Apache Helix UI component. This issue affects all Apache Helix releases from 0.8.0 to 1.0.4. Solution: the forward component was removed since it was improperly designed for UI embedding. Users should upgrade to 1.1.0 to fix this issue.

5. CVE-2022-46683 (CWE-601) | published 2022-12-12, updated 2022-12-12 | score 0.0, gained access: None, other CVSS metrics not recorded
   Jenkins Google Login Plugin 1.4 through 1.6 (both inclusive) improperly determines that a redirect URL after login is legitimately pointing to Jenkins.

6. CVE-2022-46288 (CWE-601) | published 2022-12-19, updated 2022-12-22 | score 0.0, gained access: None, other CVSS metrics not recorded
   Open redirect vulnerability in DENSHI NYUSATSU CORE SYSTEM v6 R4 and earlier allows a remote unauthenticated attacker to redirect a user to an arbitrary web site and conduct a phishing attack by having a user access a specially crafted URL.

7. CVE-2022-45917 (CWE-601) | published 2022-12-07, updated 2023-01-06 | score 0.0, gained access: None, other CVSS metrics not recorded
   ILIAS before 7.16 has an Open Redirect.

8. CVE-2022-45413 (CWE-601) | published 2022-12-22, updated 2022-12-30 | score 0.0, gained access: None, other CVSS metrics not recorded
   Using the `S.browser_fallback_url` parameter, an attacker could redirect a user to a URL and cause SameSite=Strict cookies to be sent. This issue only affects Firefox for Android; other operating systems are not affected. This vulnerability affects Firefox < 107.

9. CVE-2022-45402 (CWE-601) | published 2022-11-15, updated 2022-11-17 | score 0.0, gained access: None, other CVSS metrics not recorded
   In Apache Airflow versions prior to 2.4.3, there was an open redirect in the webserver's `/login` endpoint.

10. CVE-2022-44488 (CWE-601) | published 2022-12-19, updated 2022-12-23 | score 0.0, gained access: None, other CVSS metrics not recorded
   Adobe Experience Manager version 6.5.14 (and earlier) is affected by a URL Redirection to Untrusted Site ('Open Redirect') vulnerability. A low-privilege authenticated attacker could leverage this vulnerability to redirect users to malicious websites. Exploitation of this issue requires user interaction.

11. CVE-2022-43985 (CWE-601) | published 2022-11-02, updated 2022-11-03 | score 0.0, gained access: None, other CVSS metrics not recorded
   In Apache Airflow versions prior to 2.4.2, there was an open redirect in the webserver's `/confirm` endpoint.

12. CVE-2022-43721 (CWE-601) | published 2023-01-16, updated 2023-01-24 | score 0.0, gained access: None, other CVSS metrics not recorded
   An authenticated attacker with update datasets permission could change a dataset link to an untrusted site; users could be redirected to this site when clicking on that specific dataset. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0.

13. CVE-2022-43479 (CWE-601) | published 2022-12-05, updated 2022-12-06 | score 0.0, gained access: None, other CVSS metrics not recorded
   Open redirect vulnerability in SHIRASAGI v1.14.4 to v1.15.0 allows a remote unauthenticated attacker to redirect users to an arbitrary web site and conduct a phishing attack.

14. CVE-2022-41965 (CWE-601) | published 2022-11-28, updated 2022-12-01 | score 0.0, gained access: None, other CVSS metrics not recorded
   Opencast is a free, open-source platform to support the management of educational audio and video content. Prior to Opencast 12.5, Opencast's Paella authentication page could be used to redirect to an arbitrary URL for authenticated users. The vulnerability allows attackers to redirect users to sites outside of one's Opencast install, potentially facilitating phishing attacks or other security issues. This issue is fixed in Opencast 12.5 and newer.

15. CVE-2022-41559 (CWE-601) | published 2022-12-06, updated 2022-12-08 | score 0.0, gained access: None, other CVSS metrics not recorded
   The Web Client component of TIBCO Software Inc.'s TIBCO Nimbus contains an easily exploitable vulnerability that allows an unauthenticated attacker with network access to exploit an open redirect on the affected system. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s TIBCO Nimbus: version 10.5.0.

16. CVE-2022-41275 (CWE-601) | published 2022-12-13, updated 2022-12-15 | score 0.0, gained access: None, other CVSS metrics not recorded
   In SAP Solution Manager (Enterprise Search) versions 740 and 750, an unauthenticated attacker can generate a link that, if clicked by a logged-in user, redirects to a malicious page that could read or modify sensitive information, or expose the user to a phishing attack, with little impact on confidentiality and integrity.

17. CVE-2022-41273 (CWE-601) | published 2022-12-13, updated 2022-12-15 | score 0.0, gained access: None, other CVSS metrics not recorded
   Due to improper input sanitization in SAP Sourcing and SAP Contract Lifecycle Management version 1100, an attacker can redirect a user to a malicious website. In order to perform this attack, the attacker sends an email to the victim with a manipulated link that appears to be a legitimate SAP Sourcing URL. Since the victim doesn't suspect the threat, they click on the link, log in to SAP Sourcing and CLM, and at this point they get redirected to a malicious website.

18. CVE-2022-41215 (CWE-601) | published 2022-11-08, updated 2022-12-12 | score 0.0, gained access: None, other CVSS metrics not recorded
   SAP NetWeaver ABAP Server and ABAP Platform allow an unauthenticated attacker to redirect users to a malicious site due to insufficient URL validation. This could lead to the user being tricked into disclosing personal information.

19. CVE-2022-41207 (CWE-601) | published 2022-11-08, updated 2022-11-09 | score 0.0, gained access: None, other CVSS metrics not recorded
   SAP Biller Direct allows an unauthenticated attacker to craft a legitimate-looking URL. When clicked by an unsuspecting victim, it will use an unsanitized parameter to redirect the victim to a malicious site of the attacker's choosing, which can result in disclosure or modification of the victim's information.

20. CVE-2022-41204 (CWE-601) | published 2022-10-11, updated 2022-10-12 | score 0.0, gained access: None, other CVSS metrics not recorded
   An attacker can change the content of an SAP Commerce (versions 1905, 2005, 2105, 2011, 2205) login page through a manipulated URL. They can inject code that allows them to redirect submissions from the affected login form to their own server. This allows them to steal credentials and hijack accounts. A successful attack could compromise the Confidentiality, Integrity, and Availability of the system.

21. CVE-2022-40754 (CWE-601) | published 2022-09-21, updated 2022-09-22 | score 0.0, gained access: None, other CVSS metrics not recorded
   In Apache Airflow 2.3.0 through 2.3.4, there was an open redirect in the webserver's `/confirm` endpoint.

22. CVE-2022-40257 (CWE-601) | published 2022-10-10, updated 2022-10-11 | score 0.0, gained access: None, other CVSS metrics not recorded
   An HTML injection vulnerability exists in CERT/CC VINCE software prior to 1.50.4. An authenticated attacker can inject arbitrary HTML via a crafted email with HTML content in the Subject field.

23. CVE-2022-40248 (CWE-601) | published 2022-10-10, updated 2022-10-11 | score 0.0, gained access: None, other CVSS metrics not recorded
   An HTML injection vulnerability exists in CERT/CC VINCE software prior to 1.50.4. An authenticated attacker can inject arbitrary HTML via a form using the "Product Affected" field.

24. CVE-2022-40083 (CWE-601) | published 2022-09-28, updated 2022-09-29 | score 0.0, gained access: None, other CVSS metrics not recorded
   Labstack Echo v4.8.0 was discovered to contain an open redirect vulnerability via the Static Handler component. This vulnerability can be leveraged by attackers to cause a Server-Side Request Forgery (SSRF).

25. CVE-2022-39814 (CWE-601) | published 2022-09-13, updated 2022-09-16 | score 0.0, gained access: None, other CVSS metrics not recorded
   In NOKIA 1350 OMS R14.2, an Open Redirect vulnerability occurs in the login page via the `next` HTTP GET parameter.

26. CVE-2022-39359 (CWE-601) | published 2022-10-26, updated 2022-10-28 | score 0.0, gained access: None, other CVSS metrics not recorded
   Metabase is data visualization software. Prior to versions 0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, 1.42.6, 0.41.9, and 1.41.9, a custom GeoJSON map URL would follow redirects to addresses that were otherwise disallowed, like link-local or private-network addresses. This issue is patched in versions 0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, 1.42.6, 0.41.9, and 1.41.9. Metabase no longer follows redirects on GeoJSON map URLs. An environment variable `MB_CUSTOM_GEOJSON_ENABLED` was also added to disable custom GeoJSON completely (`true` by default).

27. CVE-2022-39258 (CWE-601) | published 2022-09-27, updated 2022-09-29 | score 0.0, gained access: None, other CVSS metrics not recorded
   mailcow is a mailserver suite. A vulnerability in versions prior to 2022-09 allows an attacker to craft a custom Swagger API template to spoof Authorize links. This could redirect a victim to an attacker-controlled place to steal Swagger authorization credentials or create a phishing page to steal other information. The issue has been fixed with the 2022-09 mailcow Mootember Update. As a workaround, one may delete the Swagger API Documentation from their e-mail server.

28. CVE-2022-39183 (CWE-601) | published 2023-01-12, updated 2023-01-20 | score 0.0, gained access: None, other CVSS metrics not recorded
   Moodle Plugin - SAML Auth may allow Open Redirect through unspecified vectors.

29. CVE-2022-39021 (CWE-601) | published 2022-10-31, updated 2022-10-31 | score 0.0, gained access: None, other CVSS metrics not recorded
   The U-Office Force login function has an Open Redirect vulnerability. An unauthenticated remote attacker can exploit this vulnerability to redirect users to an arbitrary website.

30. CVE-2022-38662 (CWE-601) | published 2022-12-19, updated 2022-12-23 | score 0.0, gained access: None, other CVSS metrics not recorded
   In HCL Digital Experience, URLs can be constructed to redirect users to untrusted sites.

31. CVE-2022-38208 (CWE-601) | published 2022-12-29, updated 2023-01-05 | score 0.0, gained access: None, other CVSS metrics not recorded
   There is an unvalidated redirect vulnerability in Esri Portal for ArcGIS 11 and below that may allow a remote, unauthenticated attacker to craft a URL that could redirect a victim to an arbitrary website, simplifying phishing attacks.

32. CVE-2022-38201 (CWE-601) | published 2022-11-15, updated 2022-11-21 | score 0.0, gained access: None, other CVSS metrics not recorded
   An unvalidated redirect vulnerability exists in Esri Portal for ArcGIS Quick Capture Web Designer versions 10.8.1 to 10.9.1. A remote, unauthenticated attacker can potentially induce an unsuspecting authenticated user to access an attacker-controlled domain.

33. CVE-2022-38197 (CWE-601) | published 2022-10-25, updated 2022-10-31 | score 0.0, gained access: None, other CVSS metrics not recorded
   Esri ArcGIS Server versions 10.9.1 and below have an unvalidated redirect issue that may allow a remote, unauthenticated attacker to phish a user into accessing an attacker-controlled website via a crafted query parameter.

34. CVE-2022-38131 (CWE-601) | published 2022-09-06, updated 2022-12-20 | score 0.0, gained access: None, other CVSS metrics not recorded
   RStudio Connect is affected by an Open Redirect issue. The vulnerability could allow an attacker to redirect users to malicious websites.

35. CVE-2022-37927 (CWE-601) | published 2022-12-12, updated 2022-12-13 | score 0.0, gained access: None, other CVSS metrics not recorded
   URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Hewlett Packard Enterprise HPE OneView Global Dashboard (OVGD).

36. CVE-2022-36316 (CWE-601) | published 2022-12-22, updated 2023-01-04 | score 0.0, gained access: None, other CVSS metrics not recorded
   When using the Performance API, an attacker was able to notice subtle differences between PerformanceEntries and thus learn whether the target URL had been subject to a redirect. This vulnerability affects Firefox < 103.

37. CVE-2022-35953 (CWE-601) | published 2022-08-12, updated 2022-08-16 | score 0.0, gained access: None, other CVSS metrics not recorded
   BookWyrm is a social network for tracking your reading, talking about books, writing reviews, and discovering what to read next. Some links in BookWyrm may be vulnerable to tabnabbing, a form of phishing that gives attackers an opportunity to redirect a user to a malicious site. The issue was patched in version 0.4.5.

38. CVE-2022-35652 (CWE-601) | published 2022-07-25, updated 2022-08-01 | score 0.0, gained access: None, other CVSS metrics not recorded
   An open redirect issue was found in Moodle due to improper sanitization of user-supplied data in the mobile auto-login feature. A remote attacker can create a link that leads to a trusted website; however, when clicked, it redirects the victims to an arbitrary URL/domain. Successful exploitation of this vulnerability may allow a remote attacker to perform a phishing attack and steal potentially sensitive information.

39. CVE-2022-34474 (CWE-601) | published 2022-12-22, updated 2023-01-04 | score 0.0, gained access: None, other CVSS metrics not recorded
   Even when an iframe was sandboxed with `allow-top-navigation-by-user-activation`, if it received a redirect header to an external protocol the browser would process the redirect and prompt the user as appropriate. This vulnerability affects Firefox < 102.

40. CVE-2022-33712 (CWE-601) | published 2022-07-12, updated 2022-07-20 | score 5.0, gained access: None, access: Remote, complexity: Low, authentication: Not required, Conf./Integ./Avail.: Partial/None/None
   Intent redirection vulnerability using an implicit intent in Camera prior to versions 12.0.01.64, 12.0.3.23, 12.0.0.98, 12.0.6.11, 12.0.3.19 in Android S(12) allows an attacker to get sensitive information.

41. CVE-2022-33146 (CWE-601) | published 2022-06-27, updated 2022-07-07 | score 5.8, gained access: None, access: Remote, complexity: Medium, authentication: Not required, Conf./Integ./Avail.: Partial/Partial/None
   Open redirect vulnerability in web2py versions prior to 2.22.5 allows a remote attacker to redirect a user to an arbitrary web site and conduct a phishing attack by having a user access a specially crafted URL.

42. CVE-2022-32444 (CWE-601) | published 2022-06-17, updated 2022-06-28 | score 5.8, gained access: None, access: Remote, complexity: Medium, authentication: Not required, Conf./Integ./Avail.: Partial/Partial/None
   An issue was discovered in u5cms version 8.3.5. There is a URL redirection vulnerability that can cause a user's browser to be redirected to another site via /loginsave.php.

43. CVE-2022-31735 (CWE-601) | published 2022-09-15, updated 2022-09-19 | score 0.0, gained access: None, other CVSS metrics not recorded
   OpenAM Consortium Edition version 14.0.0 provided by OpenAM Consortium contains an open redirect vulnerability (CWE-601). When accessing an affected server through some specially crafted URL, the user may be redirected to an arbitrary website.

44. CVE-2022-31193 (CWE-601) | published 2022-08-01, updated 2022-08-08 | score 0.0, gained access: None, other CVSS metrics not recorded
   DSpace open source software is a repository application which provides durable access to digital resources. dspace-jspui is a UI component for DSpace. The JSPUI controlled vocabulary servlet is vulnerable to an open redirect attack, where an attacker can craft a malicious URL that looks like a legitimate DSpace/repository URL. When that URL is clicked by the target, it redirects them to a site of the attacker's choice. This issue has been patched in versions 5.11 and 6.4. Users are advised to upgrade. There are no known workarounds for this vulnerability.

45. CVE-2022-31151 (CWE-601) | published 2022-07-21, updated 2022-09-29 | score 0.0, gained access: None, other CVSS metrics not recorded
   Authorization headers are cleared on cross-origin redirect. However, cookie headers, which are sensitive headers and are official headers found in the spec, remain uncleared. There are active users using cookie headers in undici. This may lead to accidental leakage of cookies to a 3rd-party site or to a malicious attacker who can control the redirection target (i.e. an open redirector) to leak the cookie to the 3rd-party site. This was patched in v5.7.1. By default, this vulnerability is not exploitable. Do not enable redirections, i.e. `maxRedirections: 0` (the default).

46. CVE-2022-31040 (CWE-601) | published 2022-06-13, updated 2022-06-21 | score 5.8, gained access: None, access: Remote, complexity: Medium, authentication: Not required, Conf./Integ./Avail.: Partial/Partial/None
   Open Forms is an application for creating and publishing smart forms. Prior to versions 1.0.9 and 1.1.1, the cookie consent page in Open Forms contains an open redirect by injecting a `referer` querystring parameter and failing to validate the value. A malicious actor is able to redirect users to a website under their control, opening them up for phishing attacks. The redirect is initiated by the Open Forms backend, which is a legitimate page, making it less obvious to end users that they are being redirected to a malicious website. Versions 1.0.9 and 1.1.1 contain patches for this issue. There are no known workarounds available.

47. CVE-2022-30992 (CWE-601) | published 2022-05-18, updated 2022-06-01 | score 5.8, gained access: None, access: Remote, complexity: Medium, authentication: Not required, Conf./Integ./Avail.: Partial/Partial/None
   Open redirect via user-controlled query parameter. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 29240.

48. CVE-2022-30706 (CWE-601) | published 2022-07-26, updated 2022-08-01 | score 0.0, gained access: None, other CVSS metrics not recorded
   Open redirect vulnerability in Booked versions prior to 3.3 allows a remote unauthenticated attacker to redirect a user to an arbitrary web site and conduct a phishing attack by having a user access a specially crafted URL.

49. CVE-2022-30562 (CWE-601) | published 2022-06-28, updated 2022-07-13 | score 4.0, gained access: None, access: Remote, complexity: High, authentication: Not required, Conf./Integ./Avail.: Partial/Partial/None
   If the user enables the https function on the device, an attacker can modify the user's request data packet through a man-in-the-middle attack. Injection of a malicious URL in the Host: header of the HTTP request results in a 302 redirect to an attacker-controlled page.

50. CVE-2022-29912 (CWE-601) | published 2022-12-22, updated 2023-01-04 | score 0.0, gained access: None, other CVSS metrics not recorded
   Requests initiated through reader mode did not properly omit cookies with a SameSite attribute. This vulnerability affects Thunderbird < 91.9, Firefox ESR < 91.9, and Firefox < 100.
Total number of vulnerabilities: 691 (page 1 of 14; entries 1 to 50 shown above)