CWE-601: Open Redirect

This CVE describes an open redirect vulnerability in Webilia Inc.'s Listdom WordPress plugin that allows attackers to redirect users to malicious webs...

This vulnerability allows attackers to redirect users from legitimate WordPress sites to malicious websites through the Ultimate WP Mail plugin. Attac...

This vulnerability allows attackers to redirect users from legitimate WordPress sites to malicious websites through the WP Clone any post type plugin....

This vulnerability allows attackers to redirect users from legitimate WordPress sites to malicious websites through the Integration of Zoho CRM and Co...

This CVE describes an open redirect vulnerability in the Bit Integrations WordPress plugin that allows attackers to redirect users to malicious websit...

This CVE describes an open redirect vulnerability in the AliNext WordPress plugin that allows attackers to redirect users to malicious websites. Attac...

This vulnerability allows attackers to redirect users from legitimate WooCommerce order status pages to malicious websites through crafted URLs. It af...

The WPO365 Microsoft 365 Graph Mailer WordPress plugin has an open redirect vulnerability in all versions up to 3.2. Unauthenticated attackers can red...

This vulnerability allows attackers to redirect users from a legitimate LearnPress WordPress plugin page to malicious external websites. It affects al...

This CVE describes an open redirect vulnerability in the Login Widget With Shortcode WordPress plugin from aviplugins.com. Attackers can craft malicio...

This CVE describes an open redirect vulnerability in the Sunshine Photo Cart WordPress plugin. Attackers can craft malicious URLs that redirect users ...

This CVE describes an open redirect vulnerability in the WordPress Simple Membership After Login Redirection plugin. Attackers can craft malicious URL...

This vulnerability is an open redirect flaw in Siemens web servers where improper input validation allows attackers to redirect legitimate users to ma...

This CVE describes an open redirect vulnerability in Express.js versions 3.4.5 through 3.x that allows attackers to redirect users to malicious websit...

Duende IdentityServer contains an open redirect vulnerability where attackers can craft malicious URLs that are incorrectly treated as local and trust...

OpenProject versions before 14.3.0 are vulnerable to host header injection, allowing attackers to forge HOST headers to redirect users to malicious si...

This CVE describes an open redirect vulnerability in the WordPress Share This Image plugin. Attackers can craft malicious URLs that redirect users to ...

ViewerJS 0.5.8 contains an open redirection and out-of-band resource loading vulnerability due to improper URL sanitization in URL TAGs. This allows a...

This vulnerability allows attackers to bypass security features in Microsoft Edge, potentially enabling malicious websites to perform actions that sho...

An open redirect vulnerability in django-allauth allows attackers to redirect users to malicious external websites via crafted URLs when SAML IdP init...

The Conditional CAPTCHA WordPress plugin through version 4.0.0 contains an open redirect vulnerability that allows attackers to redirect users to mali...

This CVE describes an open redirect vulnerability in mwielgoszewski's doorman application up to version 0.6. Attackers can manipulate the 'Next' param...

An open redirect vulnerability in Cisco EPNM and Prime Infrastructure web interfaces allows attackers to redirect users to malicious websites by manip...

This vulnerability allows attackers to redirect authenticated users to malicious websites through improper validation of a login parameter. It affects...

An open redirect vulnerability in Directus SAML authentication allows attackers to redirect users to malicious external websites after authentication....

This CVE describes an open redirect vulnerability in Mayan EDMS up to version 4.10.1. Attackers can manipulate the authentication component to redirec...

This vulnerability allows attackers to redirect users from legitimate WordPress sites to malicious websites through the WP Gravity Forms FreshDesk Plu...

This CVE describes a URL redirect bypass vulnerability in Koa.js middleware for Node.js. Attackers can manipulate the Referer header to force user bro...

This vulnerability in Newforma Info Exchange (NIX) allows unauthenticated attackers to redirect users to arbitrary external websites via the 'nhl' par...

This CVE describes an open redirect vulnerability in Lobe Chat's OIDC implementation. Attackers can manipulate X-Forwarded-* headers to redirect users...

This CVE describes an open redirect vulnerability in Freshwork's logout endpoint. Attackers can manipulate the post_logout_redirect_uri parameter to r...

This vulnerability allowed unauthenticated remote attackers to redirect Cisco Webex Meetings users to malicious websites through specially crafted mee...

This CVE describes an open redirect vulnerability in Movable Type's password reset functionality. Attackers can manipulate parameters to redirect user...

This CVE describes an open redirect vulnerability in JeeSite's SSO controller that allows attackers to redirect users to malicious websites. The vulne...

This vulnerability in Hope-Boot 1.0.0 allows attackers to redirect users to malicious websites through manipulation of the redirect_url parameter in t...

This vulnerability in Astun Technology iShare Maps allows attackers to redirect users to malicious websites by manipulating the 'ref' parameter in atC...

Dell NetWorker Management Console versions prior to 19.11.0.4 and version 19.12 contain an open redirect vulnerability that allows unauthenticated att...

This CVE describes an open redirect vulnerability in GLPI versions up to 10.0.17. Attackers can manipulate the 'redirect' parameter in /index.php to r...

This vulnerability in Zenvia Movidesk allows attackers to redirect users to malicious websites by manipulating the ReturnUrl parameter in the login pa...

This CVE describes an open redirect vulnerability in JoeyBling bootplus software. Attackers can manipulate the 'text' parameter in the qrCode function...

This vulnerability allows attackers to redirect users to malicious websites by manipulating the 'nexturl' parameter on the admin verification page in ...

This vulnerability is an Open Redirect issue in Hitachi Energy products where an HTTP parameter can be manipulated to redirect users to malicious webs...

This vulnerability allows attackers to redirect users to malicious websites by manipulating the 'source' parameter in the PKP OJS login/signOut endpoi...

This is an open redirect vulnerability in Bitbucket Data Center that allows unauthenticated attackers to redirect users to arbitrary websites after lo...

This CVE describes an open redirect vulnerability in Harbor container registry software. Attackers can craft malicious URLs that redirect Harbor users...

SuiteCRM versions before 8.6.1 contain a Host Header Injection vulnerability in the /legacy route. This allows attackers to manipulate host headers to...

The WP Compress Image Optimizer WordPress plugin contains an open redirect vulnerability that allows unauthenticated attackers to redirect users to ma...

This vulnerability in Basecamp's google_sign_in gem allows open redirect attacks when using Google Sign-In in Rails applications. Attackers could redi...

This vulnerability in Basecamp's Google Sign-In gem allows attackers to craft URLs that bypass same-origin checks, potentially redirecting users to ma...

This CVE describes an open redirect vulnerability in Grafana OSS organization switching functionality. Attackers can craft malicious URLs that redirec...