Open Redirect
Monthly
Open Redirect in Chamilo LMS versions prior to 1.11.38 and 2.0.0-RC.3 allows unauthenticated remote attackers to redirect authenticated administrators to arbitrary external URLs via a malicious redirect parameter on the session course edit page, while simultaneously leaking the id_session parameter to attacker-controlled servers. The vulnerability requires user interaction (UI:R) but affects confidentiality through session parameter disclosure and crosses trust boundaries (S:C), resulting in CVSS 4.7 with low real-world risk due to authentication and user-interaction requirements.
Open redirect vulnerability in Chamilo LMS login endpoint allows unauthenticated remote attackers to redirect users to arbitrary external websites via the redirect parameter, affecting versions 1.11.0 through 2.0-beta.1. The vulnerability was patched in 2.0-beta.2 and subsequent releases. No public exploit code or active exploitation has been confirmed, but the attack requires no authentication or special complexity and could be weaponized for phishing campaigns.
An open redirect vulnerability in Rocket.Chat versions prior to 8.4.0 allows users to be redirected to arbitrary URLs by manipulating parameters within a SAML endpoint.
Open redirect vulnerability in Apache Tomcat's LoadBalancerDrainingValve allows unauthenticated remote attackers to redirect users to untrusted sites via crafted URLs. Affects Tomcat 11.0.0-M1 through 11.0.18, 10.1.0-M1 through 10.1.52, 9.0.0.M23 through 9.0.115, and 8.5.30 through 8.5.100. The vulnerability requires user interaction (clicking a malicious link) and has low real-world exploitation probability (EPSS 0.01%), with no public exploit code or confirmed active exploitation identified at the time of analysis.
Open redirect vulnerability in LORIS (Longitudinal Online Research and Imaging System) versions prior to 27.0.3 and 28.0.1 allows unauthenticated remote attackers to redirect authenticated users to arbitrary external websites via a malicious redirect parameter during login. The vulnerability requires user interaction (clicking a crafted link) but poses a meaningful phishing risk in neuroimaging research environments where LORIS deployments are common. No public exploit code or active exploitation has been confirmed at the time of analysis.
Cross-origin request body replay in OpenClaw's fetchWithSsrFGuard function before version 2026.3.31 enables attackers to exfiltrate sensitive request data and headers to unintended origins through redirect manipulation. The vulnerability requires user interaction and allows high confidentiality impact through unsafe request body transmission across origin boundaries. Affects unauthenticated contexts. No public exploit identified at time of analysis, with low observed exploitation activity (EPSS <1%).
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in John Darrel Hide My WP Ghost hide-my-wp allows Phishing. This issue affects Hide My WP Ghost: from n/a through < 7.0.00.
Open redirect vulnerability in ChurchCRM prior to version 7.0.0 allows authenticated users to be redirected to arbitrary URLs via crafted links containing unvalidated redirect parameters, particularly through the 'linkBack' parameter used across multiple application pages including DonatedItemEditor.php. An attacker can create a malicious link that redirects authenticated users to external sites when they interact with UI elements, enabling phishing attacks and credential theft. The vulnerability requires an authenticated user and user interaction (clicking a button), reducing immediate risk but posing moderate concern in social engineering scenarios.
Open redirect vulnerability in HPE Aruba Networking Private 5G Core On-Prem GUI enables credential harvesting attacks against authenticated users. Remote attackers can craft malicious URLs that redirect victims from the legitimate login flow to attacker-controlled phishing pages designed to capture credentials. With CVSS 8.8 (High) severity and network-reachable attack surface requiring no authentication, this represents significant phishing risk for organizations deploying private 5G infrastructure. No public exploit identified at time of analysis, though exploitation requires minimal technical complexity.
Open edX Platform versions prior to commit 76462f1e5fa9b37d2621ad7ad19514b403908970 suffer from an open redirect vulnerability in the view_survey endpoint that accepts unvalidated redirect_url parameters, enabling attackers to redirect authenticated users to arbitrary attacker-controlled URLs for phishing and credential theft. The vulnerability requires user interaction (clicking a malicious link) to trigger the redirect but affects all versions of the platform until the specific commit is applied; no public exploit code has been identified at the time of analysis.
Open redirect vulnerability in WeGIA web manager prior to version 3.6.9 allows unauthenticated remote attackers to redirect users to arbitrary external URLs by injecting a malicious redirect parameter into HTTP requests. The vulnerability exploits missing URL validation on the redirect parameter, which is passed directly to PHP's header() function without sanitization or whitelist checks. User interaction is required as the victim must click a crafted link, but successful exploitation can facilitate phishing attacks or credential theft by redirecting users to attacker-controlled domains that masquerade as legitimate institutional websites.
Open Redirect vulnerability in WeGIA versions prior to 3.6.9 allows unauthenticated remote attackers to redirect users to arbitrary external websites via the unvalidated nextPage parameter in the /WeGIA/controle/control.php endpoint when combined with specific parameters (metodo=listarTodos and nomeClasse=EstoqueControle). Attackers can exploit the application's trusted domain to conduct phishing attacks, steal credentials, distribute malware, or execute social engineering campaigns. The vulnerability has been patched in version 3.6.9.
Open redirect vulnerability in WeGIA versions prior to 3.6.9 allows unauthenticated remote attackers to redirect users to arbitrary external websites via the nextPage parameter in the /WeGIA/controle/control.php endpoint. By combining this with specific query parameters (metodo=listarTodos, listarId_Nome, nomeClasse=OrigemControle), attackers can leverage the trusted WeGIA domain for phishing, credential harvesting, malware distribution, and social engineering attacks. The vulnerability is fixed in version 3.6.9.
Open redirect in WeGIA web management application versions prior to 3.6.9 allows unauthenticated remote attackers to redirect users to arbitrary external websites via an unvalidated nextPage parameter in the /WeGIA/controle/control.php endpoint. By crafting a malicious URL combining metodo=listarId and nomeClasse=IsaidaControle parameters, attackers can leverage the application's trusted domain for phishing, credential harvesting, malware distribution, and social engineering attacks. The vulnerability is fixed in version 3.6.9.
Open redirect vulnerability in WeGIA web application versions prior to 3.6.9 allows unauthenticated remote attackers to redirect users to arbitrary external URLs via an unvalidated redirect parameter in GET requests. The vulnerability requires user interaction (clicking a malicious link) and has limited confidentiality and integrity impact. This is fixed in version 3.6.9.
Open redirect vulnerability in WeGIA web manager versions prior to 3.6.9 allows unauthenticated remote attackers to redirect users to arbitrary external websites via the unvalidated nextPage parameter in the /WeGIA/controle/control.php endpoint. The vulnerability requires user interaction (clicking a malicious link) but leverages the trusted WeGIA domain to facilitate phishing, credential theft, and malware distribution attacks. This issue is fixed in version 3.6.9.
Open redirect in Ascertia SigningHub User v10.0 allows unauthenticated remote attackers to redirect users to attacker-controlled websites via crafted URLs, enabling phishing and credential harvesting attacks. The vulnerability requires user interaction (UI:R) to trigger but affects users across security domains (S:C), with CVSS 6.1 (Medium) and no confirmed active exploitation or public exploit code identified at time of analysis.
Open redirect vulnerability in Directus login redirection logic allows unauthenticated attackers to bypass URL allow-list validation through malformed URLs containing backslashes, silently redirecting authenticated users to arbitrary external domains. The vulnerability exploits a parser differential between server-side validation and browser URL normalization, creating a phishing vector particularly dangerous in SSO/OAuth2 flows where attackers can capture authentication tokens without visible user indication. CVSS 6.1 reflects moderate real-world risk due to user interaction requirement and limited direct confidentiality impact, but the attack chain (authentication + silent redirect + credential theft) presents meaningful business risk.
Open redirect vulnerability in Directus allows unauthenticated attackers to redirect administrators to attacker-controlled URLs after 2FA setup completion via crafted `/admin/tfa-setup` redirect parameter. The attack leverages user interaction on the trusted Directus domain before redirecting to a malicious site, enabling phishing campaigns targeting administrators. CVSS 4.3 (low severity), no public exploit code or active exploitation confirmed.
Open redirect vulnerability in JupyterHub prior to version 5.4.4 allows unauthenticated remote attackers to craft malicious links that bypass JupyterHub's redirect validation, redirecting users through the legitimate login page to arbitrary attacker-controlled sites. This enables phishing attacks and credential harvesting by leveraging JupyterHub's trusted domain to establish credibility. The vulnerability requires user interaction (clicking a link) and has been patched in version 5.4.4.
Open redirect vulnerability in Casdoor 2.356.0 OAuth Authorization Request Handler allows remote attackers to manipulate the redirect_uri parameter and redirect users to arbitrary external sites. The vulnerability requires user interaction (UI:R) but has low CVSS severity (4.3); however, publicly available exploit code exists and the vendor has not responded to disclosure attempts, leaving deployed instances unpatched.
Open redirect in Hoppscotch API development platform prior to version 2026.3.0 enables token exfiltration leading to complete account takeover. Attackers can craft malicious URLs that redirect authenticated users to attacker-controlled domains, stealing authentication tokens in transit. The vulnerability requires no authentication and minimal attack complexity (CVSS:4.0 AV:N/AC:L/PR:N), though user interaction is required (UI:A). No public exploit code or active exploitation confirmed at time of analysis, though the attack pattern is well-understood for CWE-601 vulnerabilities.
Hoppscotch prior to version 2026.3.0 contains a DOM-based open redirect vulnerability in the /enter page that allows unauthenticated remote attackers to redirect users to arbitrary external URLs through an unvalidated redirect query parameter. The vulnerability requires user interaction (clicking a malicious link) and has limited impact (integrity only), but poses a real phishing risk. Vendor-released patch available in version 2026.3.0.
Open redirect in Red Hat Build of Keycloak allows authenticated attackers with control over another path on the same web server to bypass wildcard-based redirect URI validation and steal OAuth access tokens. Attack requires low complexity and user interaction (CVSS 7.3). EPSS and KEV status not available; no public exploit identified at time of analysis. This CWE-601 flaw enables token theft through maliciously crafted redirect flows, posing significant risk to SSO deployments where Keycloak shares a web server with attacker-controllable content.
Open redirect vulnerability in IBM Verify Identity Access Container versions 11.0-11.0.2 and 10.0-10.0.9.1, and IBM Security Verify Access Container and non-container variants across the same version ranges, enables remote phishing attacks via specially crafted requests that redirect users to arbitrary websites. The attack requires user interaction (UI:R) and unusual network or exploitation circumstances (AC:H), limiting real-world impact; no public exploit code or confirmed active exploitation has been identified.
Host header manipulation in FreeScout prior to version 1.8.211 allows unauthenticated remote attackers to inject arbitrary domains into application-generated absolute URLs, enabling open redirects and external resource loading attacks. The vulnerability exploits unvalidated Host header values to construct malicious links and asset references, potentially redirecting users to attacker-controlled domains or loading external resources from compromised servers. CVSS 5.4 reflects low-to-moderate real-world risk given the requirement for user interaction (UI:R), though no active exploitation has been publicly confirmed.
Open redirect vulnerability in Discourse versions 2026.1.0 through 2026.3.0 allows unauthenticated remote attackers to redirect users to arbitrary destinations via a malicious sso_destination_url cookie, exploiting a lack of URL validation in the StaticController enter action. While the cookie is normally set during legitimate DiscourseConnect Provider flows with cryptographic validation, attackers can directly set client-controlled cookies to bypass validation logic. The vulnerability requires user interaction (clicking a crafted link) and persistence of attacker-controlled cookies to exploit, but successful exploitation can be used for credential harvesting or phishing attacks. No public exploit code or active exploitation has been confirmed at time of analysis. Patched versions 2026.1.3, 2026.2.2, and 2026.3.0 are available.
Open redirect in Search Guard FLX up to version 4.0.1 allows unauthenticated remote attackers to craft malicious requests that redirect users to untrusted URLs, enabling phishing and credential theft attacks. The vulnerability requires user interaction (clicking a redirected link) and affects all versions through 4.0.1. No public exploit code or active exploitation has been confirmed at time of analysis.
Mastodon prior to versions 4.5.8, 4.4.15, and 4.3.21 contains an unauthenticated Open Redirect vulnerability in the `/web/*` route that allows remote attackers to redirect users to arbitrary external domains via specially URL-encoded path segments. An attacker can exploit this to conduct phishing attacks or steal OAuth credentials by crafting malicious links that bypass Rails path normalization through URL-encoded slashes (%2F). No public exploit code or active exploitation has been confirmed at time of analysis.
Statamic CMS versions prior to 5.73.16 and 6.7.2 contain an open redirect vulnerability in external URL detection logic that protects unauthenticated endpoints. Unauthenticated remote attackers can exploit insufficient redirect validation to bypass security controls and redirect users to attacker-controlled external URLs following form submissions or authentication workflows, potentially facilitating phishing, credential theft, or malware distribution. No public exploit code or active exploitation has been identified at time of analysis.
An Open Redirect vulnerability exists in Hitachi Ops Center Administrator versions 10.2.0 through 11.0.7, allowing unauthenticated attackers to redirect users to arbitrary external websites through a crafted URL. The vulnerability requires user interaction (clicking a malicious link) but can be leveraged for phishing attacks, credential harvesting, or malware distribution. There is no indication of active exploitation in the wild or public proof-of-concept availability at this time.
SuiteCRM versions prior to 7.15.1 and 8.9.3 contain an unauthenticated open redirect vulnerability in the WebToLead feature that allows attackers to redirect users to arbitrary external websites by manipulating an unvalidated POST parameter. An attacker can leverage the trusted SuiteCRM domain to conduct phishing and social engineering attacks against users without requiring authentication or user interaction beyond clicking a malicious link. No patch is currently available for affected versions.
Open Redirect in Angular SSR allows remote attackers to bypass redirect validation through a single backslash character in the X-Forwarded-Prefix header, causing browsers to interpret the malformed URL as a protocol-relative redirect to attacker-controlled domains. This vulnerability affects Angular SSR applications deployed behind proxies and represents an incomplete fix for a prior open redirect issue. An attacker can craft requests to redirect authenticated users away from the legitimate application without user interaction.
WWBN/AVideo fails to properly validate the redirectUri parameter in its login flow, allowing attackers to craft malicious URLs that redirect authenticated users to attacker-controlled sites after successful login. The vulnerability stems from insufficient encoding of user input before it is embedded into JavaScript code that executes a redirect via document.location. An attacker can exploit this open redirect to perform phishing attacks or distribute malware by tricking users into clicking a login link with an attacker-controlled redirect destination.
Raytha CMS contains a Reflected Cross-Site Scripting (XSS) vulnerability in the logon functionality's returnUrl parameter that allows attackers to inject arbitrary JavaScript code. When an authenticated victim clicks a malicious URL crafted by an attacker, the injected script executes in the victim's browser with the victim's privileges, potentially enabling session hijacking, credential theft, or unauthorized actions within the CMS. The vulnerability was remediated in version 1.4.6, and while no CVSS score or EPSS data is currently available, the nature of XSS in authentication contexts represents a significant security risk requiring prompt patching.
A URL redirection vulnerability in Samsung Account allows remote attackers to potentially steal user access tokens through malicious redirect chains. The vulnerability affects Samsung Account versions prior to 15.5.01.1 and requires user interaction to exploit. While not currently in CISA's Known Exploited Vulnerabilities catalog, the issue has a moderate CVSS score of 7.0 and could lead to account takeover if successfully exploited.
Authenticated users in mirror-registry can exploit open redirect functionality to access internal or restricted systems by supplying malicious URLs that the application blindly follows without destination validation. This allows attackers with valid credentials to bypass access controls and reach systems they should not have permission to interact with. No patch is currently available for this medium-severity vulnerability.
WellChoose's IFTOP Organization Portal System contains an open redirect vulnerability that permits authenticated attackers to craft deceptive URLs capable of redirecting users to malicious websites. The vulnerability requires user interaction to trigger and affects cross-origin requests, enabling credential theft or malware distribution through social engineering. No patch is currently available to remediate this issue.
The web-based management interface of AOS-CX Switches is affected by URL redirection to untrusted site (open redirect) (CVSS 6.5).
Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by a URL Redirection to Untrusted Site ('Open Redirect') vulnerability. An attacker could leverage this vulnerability to redirect users to malicious websites. [CVSS 3.1 LOW]
Open redirect vulnerabilities in Sylius eCommerce Framework allow unauthenticated attackers to redirect users to arbitrary domains by manipulating the HTTP Referer header through multiple controllers, enabling phishing and credential theft attacks when victims click malicious links from attacker-controlled sites. Public endpoints are trivially exploitable without authentication, while admin endpoints require an authenticated session but remain vulnerable if administrators follow external links. No patch is currently available for this medium-severity flaw.
Pocket ID versions 2.0.0 through 2.3.x suffer from improper callback URL validation that allows attackers to bypass redirect URI restrictions using URL userinfo characters (@), enabling authorization code interception. An attacker can craft a malicious authorization link to redirect authentication codes to an attacker-controlled server if a user is tricked into clicking it. Public exploit code exists for this vulnerability, and no patch is currently available.
An issue pertaining to CWE-601: URL Redirection to Untrusted Site was discovered in Sunbird-Ed SunbirdEd-portal v1.13.4. [CVSS 6.1 MEDIUM]
An issue pertaining to CWE-601: URL Redirection to Untrusted Site was discovered in linagora Twake v2023.Q1.1223. This allows attackers to obtain sensitive information and execute arbitrary code. [CVSS 6.1 MEDIUM]
ZITADEL versions 4.0.0-rc.1 through 4.7.0 are vulnerable to open redirect attacks through improper validation of the Forwarded and X-Forwarded-Host headers used in password reset links. An attacker can craft a malicious request to redirect users to an attacker-controlled domain when they click password reset confirmation links, enabling credential harvesting or phishing attacks. The vulnerability affects all deployments using affected versions and has been patched in version 4.7.1.
Kings Plugins B2BKing Premium before version 5.4.20 contains an open redirect vulnerability that allows attackers to craft malicious links redirecting users to untrusted external sites. This network-accessible vulnerability requires user interaction to exploit but can be leveraged for phishing attacks with no patch currently available. The vulnerability has a CVSS score of 4.7 and affects the confidentiality of user information through credential harvesting or social engineering.
Unauthorized account takeover in Internet Routing Registry daemon (IRRD) versions 4.4.0-4.4.4 and 4.5.0-4.5.0 results from improper Host header validation during password reset and account creation flows, allowing attackers to redirect confirmation emails to attacker-controlled domains. An attacker can intercept the confirmation token from a user's email and leverage it to compromise the targeted account, potentially gaining ability to modify RPSL objects and perform unauthorized account actions. Users without two-factor authentication enabled face complete account compromise, while those with 2FA may still be at risk depending on implementation details.
Products.isurlinportal is a replacement for the isURLInPortal method in Plone. Versions up to 2.1.0 are affected by URL redirection to untrusted site (open redirect) (CVSS 5.3).
Allauth versions up to 65.14.1 are affected by URL redirection to untrusted site (open redirect) (CVSS 6.1).
A Stored HTML Injection vulnerability was discovered in the CMC's Sensor Map functionality due to improper validation on connected Guardians' properties. [CVSS 4.8 MEDIUM]
A Stored HTML Injection vulnerability was discovered in the Alerted Nodes Dashboard functionality due to improper validation on an input parameter. A malicious authenticated user with the required privileges could edit a node label to inject HTML tags. [CVSS 4.4 MEDIUM]
all-in-one workspace and an operating system. Versions up to 0.26.0 are affected by URL redirection to untrusted site (open redirect).
The Angular SSR is a server-side rendering tool for Angular applications. An Open Redirect vulnerability exists in the internal URL processing logic in versions on the 19.x branch prior to 19.2.21, the 20.x branch prior to 20.3.17, and the 21.x branch prior to 21.1.5 and 21.2.0-rc.1. The logic normalizes URL segments by stripping leading slashes; however, it only removes a single leading slash. When an Angular SSR application is deployed behind a proxy that passes the `X-Forwarded-Prefix` hea...
Bigbluebutton versions up to 3.0.20 are affected by URL redirection to untrusted site (open redirect) (CVSS 6.1).
Teamcity versions up to 2025.11.3 are affected by URL redirection to untrusted site (open redirect) (CVSS 4.3).
Openemr versions up to 8.0.0 are affected by URL redirection to untrusted site (open redirect) (CVSS 6.1).
Open redirect in Horilla up to version 1.0.2 allows remote attackers to redirect users to arbitrary external websites by manipulating the prev_url query parameter in the global search functionality. Public exploit code exists for this vulnerability, making it actively exploitable in the wild. Upgrading to version 1.0.3 or applying patch 730b5a44ff060916780c44a4bdbc8ced70a2cd27 resolves the issue.
Traccar GPS tracking system through version 6.11.1 allows authenticated users to hijack OAuth 2.0 authorization codes through unvalidated redirect URIs in OIDC endpoints, enabling account takeover on integrated applications. The vulnerability stems from missing whitelist validation on the redirect_uri parameter, permitting attackers to exfiltrate authorization codes to attacker-controlled servers. Public exploit code exists for this HIGH severity flaw, and no patch is currently available.
Conditional CAPTCHA WordPre versions up to 4.0.0 are affected by URL redirection to untrusted site (open redirect) (CVSS 4.3).
Feathersjs versions 5.0.39 and below contain an open redirect vulnerability in the redirect query parameter that fails to properly validate user-supplied values, enabling attackers to inject authority into URLs and steal access tokens through URL manipulation. An unauthenticated remote attacker can exploit this by crafting a malicious redirect URL that causes the victim's browser to send the access token to an attacker-controlled domain, resulting in account takeover. A patch is available for affected installations.
An Open Redirect vulnerability in the go-chi/chi >=5.2.2 RedirectSlashes function allows remote attackers to redirect victim users to malicious websites using the legitimate website domain. [CVSS 4.7 MEDIUM]
Spip versions up to 4.4.5 are affected by URL redirection to untrusted site (open redirect) (CVSS 6.1).
The Update URLs WordPress plugin through version 1.4.0 contains an open redirect vulnerability that allows unauthenticated attackers to craft malicious links redirecting users to arbitrary external sites, enabling phishing attacks. The vulnerability requires user interaction to click a crafted link but has no patch currently available. Affected WordPress sites using this plugin should upgrade or disable it immediately.
A flaw has been found in busy versions up to 2.5.5, which are affected by URL redirection to untrusted site (open redirect) (CVSS 3.5).
Frontend Post Submission Manager Lite (WordPress plugin) versions up to 1.2.7 are affected by URL redirection to untrusted site (open redirect) (CVSS 6.1).
URL Shortify (WordPress plugin) versions up to 1.12.1 are affected by URL redirection to untrusted site (open redirect) (CVSS 4.7).
Db2 Recovery Expert versions up to 5.5.0 are affected by URL redirection to untrusted site (open redirect) (CVSS 6.8).
Versions from 4.30 up to 16022026 are affected by URL redirection to untrusted site (open redirect) (CVSS 4.3).
Malicious signup URLs in Frappe versions prior to 14.99.14 and 15.94.0 can redirect users to attacker-controlled sites or execute reflected XSS payloads during the registration process. An attacker can craft a crafted signup link to trick users into visiting malicious destinations or having malicious scripts executed in their browsers. A patch is available in the fixed versions.
Document Management System versions up to 600 are affected by URL redirection to untrusted site (open redirect) (CVSS 6.1).
A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. This product does not properly validate request headers. [CVSS 6.1 MEDIUM]
Doorman versions up to 0.6 are affected by URL redirection to untrusted site (open redirect) (CVSS 4.3).
Client-certificate-auth middleware for Node.js versions 0.2.1 and 0.3.0 fails to validate the Host header when redirecting HTTP requests to HTTPS, enabling attackers to craft malicious redirects that direct users to arbitrary domains. Public exploit code exists for this open redirect vulnerability, and no patch is currently available for affected versions.
A flaw has been found in Edimax BR-6258n up to 1.18. This issue affects the function formStaDrvSetup of the file /goform/formStaDrvSetup. This manipulation of the argument submit-url causes open redirect. The attack can be initiated remotely. The exploit has been published and may be used. The vendor confirms that the affected product is end-of-life. They confirm that they "will issue a consolidated Security Advisory on our official support website." This vulnerability only affects products t...
Open redirect in web2py 2.27.1 and earlier allows unauthenticated remote attackers to redirect users to arbitrary websites via specially crafted URLs, potentially facilitating phishing attacks. The vulnerability requires user interaction to exploit and affects the application's integrity with network-accessible attack vectors. No patch is currently available.
Qwik versions up to 1.19.0 are affected by URL redirection to untrusted site (open redirect) (CVSS 6.1).
A flaw was found in Moodle. An open redirect vulnerability in the OAuth login flow allows a remote attacker to redirect users to attacker-controlled pages after they have successfully authenticated. [CVSS 3.5 LOW]
NocoDB versions prior to 0.301.0 contain an open redirect vulnerability in the login flow where the `continueAfterSignIn` parameter is not validated, allowing attackers to redirect authenticated users to arbitrary external websites. Public exploit code exists for this vulnerability, which enables phishing attacks by abusing user trust in the legitimate login process to facilitate credential theft through social engineering. Authenticated users are at risk of being redirected to attacker-controlled domains immediately after successful login.
A vulnerability was determined in lcg0124 BootDo up to 5ccd963c74058036b466e038cff37de4056c1600. Affected by this vulnerability is the function redirectToLogin of the file AccessControlFilter.java of the component Host Header Handler. [CVSS 3.5 LOW]
Backstage is an open framework for building developer portals, and @backstage/backend-defaults provides the default implementations and setup for a standard Backstage backend app. Prior to versions 0.12.2, 0.13.2, 0.14.1, and 0.15.0, the `FetchUrlReader` component, used by the catalog and other plugins to fetch content from URLs, followed HTTP redirects automatically. This allowed an attacker who controls a host listed in `backend.reading.allow` to redirect requests to internal or sensitive U...
WeGIA charitable institution management software versions prior to 3.6.2 contain an open redirect vulnerability in the control.php endpoint that fails to validate the nextPage parameter, allowing unauthenticated attackers to redirect users to arbitrary external sites for phishing and credential theft. Public exploit code exists for this vulnerability. The flaw is resolved in version 3.6.2 and later.
WeGIA charitable institution management software versions prior to 3.6.2 contain an open redirect vulnerability in the control.php endpoint that fails to validate the nextPage parameter, allowing attackers to redirect authenticated users to malicious external sites. Public exploit code exists for this vulnerability, which can be leveraged for phishing, credential harvesting, and malware distribution attacks while maintaining the appearance of a trusted WeGIA domain. The vulnerability is resolved in WeGIA 3.6.2 and later versions.
WeGIA versions prior to 3.6.2 contain an open redirect vulnerability in the control.php endpoint that fails to properly validate the nextPage parameter, allowing attackers to redirect authenticated users to malicious external sites. Public exploit code exists for this vulnerability, enabling attackers to conduct phishing campaigns and credential harvesting attacks while leveraging the trust associated with the legitimate WeGIA domain. Update to version 3.6.2 or later to remediate this issue.
WeGIA versions prior to 3.6.2 contain an open redirect vulnerability in the control.php endpoint that fails to validate the nextPage parameter, allowing unauthenticated attackers to redirect users to arbitrary external websites. Public exploit code exists for this vulnerability, which can be leveraged for phishing, credential harvesting, and malware distribution attacks that abuse the trusted WeGIA domain. The vulnerability is resolved in version 3.6.2.
WeGIA prior to version 3.6.2 contains an open redirect vulnerability in the control.php endpoint that fails to validate the nextPage parameter, allowing attackers to craft malicious links redirecting users to arbitrary external sites for phishing and credential theft. Public exploit code exists for this vulnerability, which affects all users who click attacker-controlled links within the application. The vulnerability is resolved in version 3.6.2.
Insufficient validation of login parameters in TDC X401gl Firmware enables open redirect attacks that can redirect authenticated users to attacker-controlled websites. This allows threat actors to harvest credentials and conduct phishing attacks against unsuspecting users following successful authentication. The vulnerability requires user interaction but carries minimal complexity, affecting systems accessible over the network.
Supplier Relationship Management versions up to 700 are affected by URL redirection to untrusted site (open redirect) (CVSS 4.7).
React Router is a router for React. In @remix-run/router version prior to 1.23.2. [CVSS 8.0 HIGH]
Directus versions prior to 11.14.0 contain an open redirect vulnerability in the SAML authentication callback that allows unauthenticated attackers to redirect users to arbitrary external URLs by manipulating the RelayState parameter. The validation checks present during login initiation are not applied to the callback endpoint, enabling phishing and credential theft attacks. A patch is available in version 11.14.0 and later.
Cross-origin request body replay in OpenClaw's fetchWithSsrFGuard function before version 2026.3.31 enables attackers to exfiltrate sensitive request data and headers to unintended origins through redirect manipulation. The vulnerability requires user interaction and allows high confidentiality impact through unsafe request body transmission across origin boundaries. Affects unauthenticated contexts. No public exploit identified at time of analysis, with low observed exploitation activity (EPSS <1%).
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in John Darrel Hide My WP Ghost hide-my-wp allows Phishing. This issue affects Hide My WP Ghost: from n/a through < 7.0.00.
Open redirect vulnerability in ChurchCRM prior to version 7.0.0 allows authenticated users to be redirected to arbitrary URLs via crafted links containing unvalidated redirect parameters, particularly through the 'linkBack' parameter used across multiple application pages including DonatedItemEditor.php. An attacker can create a malicious link that redirects authenticated users to external sites when they interact with UI elements, enabling phishing attacks and credential theft. The vulnerability requires an authenticated user and user interaction (clicking a button), reducing immediate risk but posing moderate concern in social engineering scenarios.
Open redirect vulnerability in HPE Aruba Networking Private 5G Core On-Prem GUI enables credential harvesting attacks against authenticated users. Remote attackers can craft malicious URLs that redirect victims from the legitimate login flow to attacker-controlled phishing pages designed to capture credentials. With CVSS 8.8 (High) severity and network-reachable attack surface requiring no authentication, this represents significant phishing risk for organizations deploying private 5G infrastructure. No public exploit identified at time of analysis, though exploitation requires minimal technical complexity.
Open edX Platform versions prior to commit 76462f1e5fa9b37d2621ad7ad19514b403908970 suffer from an open redirect vulnerability in the view_survey endpoint that accepts unvalidated redirect_url parameters, enabling attackers to redirect authenticated users to arbitrary attacker-controlled URLs for phishing and credential theft. The vulnerability requires user interaction (clicking a malicious link) to trigger the redirect but affects all versions of the platform until the specific commit is applied; no public exploit code has been identified at the time of analysis.
Open redirect vulnerability in WeGIA web manager prior to version 3.6.9 allows unauthenticated remote attackers to redirect users to arbitrary external URLs by injecting a malicious redirect parameter into HTTP requests. The vulnerability exploits missing URL validation on the redirect parameter, which is passed directly to PHP's header() function without sanitization or whitelist checks. User interaction is required as the victim must click a crafted link, but successful exploitation can facilitate phishing attacks or credential theft by redirecting users to attacker-controlled domains that masquerade as legitimate institutional websites.
Open Redirect vulnerability in WeGIA versions prior to 3.6.9 allows unauthenticated remote attackers to redirect users to arbitrary external websites via the unvalidated nextPage parameter in the /WeGIA/controle/control.php endpoint when combined with specific parameters (metodo=listarTodos and nomeClasse=EstoqueControle). Attackers can exploit the application's trusted domain to conduct phishing attacks, steal credentials, distribute malware, or execute social engineering campaigns. The vulnerability has been patched in version 3.6.9.
Open redirect vulnerability in WeGIA versions prior to 3.6.9 allows unauthenticated remote attackers to redirect users to arbitrary external websites via the nextPage parameter in the /WeGIA/controle/control.php endpoint. By combining this with specific query parameters (metodo=listarTodos, listarId_Nome, nomeClasse=OrigemControle), attackers can leverage the trusted WeGIA domain for phishing, credential harvesting, malware distribution, and social engineering attacks. The vulnerability is fixed in version 3.6.9.
Open redirect in WeGIA web management application versions prior to 3.6.9 allows unauthenticated remote attackers to redirect users to arbitrary external websites via an unvalidated nextPage parameter in the /WeGIA/controle/control.php endpoint. By crafting a malicious URL combining metodo=listarId and nomeClasse=IsaidaControle parameters, attackers can leverage the application's trusted domain for phishing, credential harvesting, malware distribution, and social engineering attacks. The vulnerability is fixed in version 3.6.9.
Open redirect vulnerability in WeGIA web application versions prior to 3.6.9 allows unauthenticated remote attackers to redirect users to arbitrary external URLs via an unvalidated redirect parameter in GET requests. The vulnerability requires user interaction (clicking a malicious link) and has limited confidentiality and integrity impact. This is fixed in version 3.6.9.
Open redirect vulnerability in WeGIA web manager versions prior to 3.6.9 allows unauthenticated remote attackers to redirect users to arbitrary external websites via the unvalidated nextPage parameter in the /WeGIA/controle/control.php endpoint. The vulnerability requires user interaction (clicking a malicious link) but leverages the trusted WeGIA domain to facilitate phishing, credential theft, and malware distribution attacks. This issue is fixed in version 3.6.9.
Open redirect in Ascertia SigningHub User v10.0 allows unauthenticated remote attackers to redirect users to attacker-controlled websites via crafted URLs, enabling phishing and credential harvesting attacks. The vulnerability requires user interaction (UI:R) to trigger but affects users across security domains (S:C), with CVSS 6.1 (Medium) and no confirmed active exploitation or public exploit code identified at time of analysis.
Open redirect vulnerability in Directus login redirection logic allows unauthenticated attackers to bypass URL allow-list validation through malformed URLs containing backslashes, silently redirecting authenticated users to arbitrary external domains. The vulnerability exploits a parser differential between server-side validation and browser URL normalization, creating a phishing vector particularly dangerous in SSO/OAuth2 flows where attackers can capture authentication tokens without visible user indication. CVSS 6.1 reflects moderate real-world risk due to user interaction requirement and limited direct confidentiality impact, but the attack chain (authentication + silent redirect + credential theft) presents meaningful business risk.
Open redirect vulnerability in Directus allows unauthenticated attackers to redirect administrators to attacker-controlled URLs after 2FA setup completion via crafted `/admin/tfa-setup` redirect parameter. The attack leverages user interaction on the trusted Directus domain before redirecting to a malicious site, enabling phishing campaigns targeting administrators. CVSS 4.3 (low severity), no public exploit code or active exploitation confirmed.
Open redirect vulnerability in JupyterHub prior to version 5.4.4 allows unauthenticated remote attackers to craft malicious links that bypass JupyterHub's redirect validation, redirecting users through the legitimate login page to arbitrary attacker-controlled sites. This enables phishing attacks and credential harvesting by leveraging JupyterHub's trusted domain to establish credibility. The vulnerability requires user interaction (clicking a link) and has been patched in version 5.4.4.
Open redirect vulnerability in Casdoor 2.356.0 OAuth Authorization Request Handler allows remote attackers to manipulate the redirect_uri parameter and redirect users to arbitrary external sites. The vulnerability requires user interaction (UI:R) but has low CVSS severity (4.3); however, publicly available exploit code exists and the vendor has not responded to disclosure attempts, leaving deployed instances unpatched.
Open redirect in Hoppscotch API development platform prior to version 2026.3.0 enables token exfiltration leading to complete account takeover. Attackers can craft malicious URLs that redirect authenticated users to attacker-controlled domains, stealing authentication tokens in transit. The vulnerability requires no authentication and minimal attack complexity (CVSS:4.0 AV:N/AC:L/PR:N), though user interaction is required (UI:A). No public exploit code or active exploitation confirmed at time of analysis, though the attack pattern is well-understood for CWE-601 vulnerabilities.
Hoppscotch prior to version 2026.3.0 contains a DOM-based open redirect vulnerability in the /enter page that allows unauthenticated remote attackers to redirect users to arbitrary external URLs through an unvalidated redirect query parameter. The vulnerability requires user interaction (clicking a malicious link) and has limited impact (integrity only), but poses a real phishing risk. Vendor-released patch available in version 2026.3.0.
Open redirect in Red Hat Build of Keycloak allows authenticated attackers with control over another path on the same web server to bypass wildcard-based redirect URI validation and steal OAuth access tokens. Attack requires low complexity and user interaction (CVSS 7.3). EPSS and KEV status not available; no public exploit identified at time of analysis. This CWE-601 flaw enables token theft through maliciously crafted redirect flows, posing significant risk to SSO deployments where Keycloak shares a web server with attacker-controllable content.
Open redirect vulnerability in IBM Verify Identity Access Container versions 11.0-11.0.2 and 10.0-10.0.9.1, and IBM Security Verify Access Container and non-container variants across the same version ranges, enables remote phishing attacks via specially crafted requests that redirect users to arbitrary websites. The attack requires user interaction (UI:R) and unusual network or exploitation circumstances (AC:H), limiting real-world impact; no public exploit code or confirmed active exploitation has been identified.
Host header manipulation in FreeScout prior to version 1.8.211 allows unauthenticated remote attackers to inject arbitrary domains into application-generated absolute URLs, enabling open redirects and external resource loading attacks. The vulnerability exploits unvalidated Host header values to construct malicious links and asset references, potentially redirecting users to attacker-controlled domains or loading external resources from compromised servers. CVSS 5.4 reflects low-to-moderate real-world risk given the requirement for user interaction (UI:R), though no active exploitation has been publicly confirmed.
Open redirect vulnerability in Discourse versions 2026.1.0 through 2026.3.0 allows unauthenticated remote attackers to redirect users to arbitrary destinations via a malicious sso_destination_url cookie, exploiting a lack of URL validation in the StaticController enter action. While the cookie is normally set during legitimate DiscourseConnect Provider flows with cryptographic validation, attackers can directly set client-controlled cookies to bypass validation logic. The vulnerability requires user interaction (clicking a crafted link) and persistence of attacker-controlled cookies to exploit, but successful exploitation can be used for credential harvesting or phishing attacks. No public exploit code or active exploitation has been confirmed at time of analysis. Patched versions 2026.1.3, 2026.2.2, and 2026.3.0 are available.
Open redirect in Search Guard FLX up to version 4.0.1 allows unauthenticated remote attackers to craft malicious requests that redirect users to untrusted URLs, enabling phishing and credential theft attacks. The vulnerability requires user interaction (clicking a redirected link) and affects all versions through 4.0.1. No public exploit code or active exploitation has been confirmed at time of analysis.
Mastodon prior to versions 4.5.8, 4.4.15, and 4.3.21 contains an unauthenticated Open Redirect vulnerability in the `/web/*` route that allows remote attackers to redirect users to arbitrary external domains via specially URL-encoded path segments. An attacker can exploit this to conduct phishing attacks or steal OAuth credentials by crafting malicious links that bypass Rails path normalization through URL-encoded slashes (%2F). No public exploit code or active exploitation has been confirmed at time of analysis.
Statamic CMS versions prior to 5.73.16 and 6.7.2 contain an open redirect vulnerability in external URL detection logic that protects unauthenticated endpoints. Unauthenticated remote attackers can exploit insufficient redirect validation to bypass security controls and redirect users to attacker-controlled external URLs following form submissions or authentication workflows, potentially facilitating phishing, credential theft, or malware distribution. No public exploit code or active exploitation has been identified at time of analysis.
An Open Redirect vulnerability exists in Hitachi Ops Center Administrator versions 10.2.0 through 11.0.7, allowing unauthenticated attackers to redirect users to arbitrary external websites through a crafted URL. The vulnerability requires user interaction (clicking a malicious link) but can be leveraged for phishing attacks, credential harvesting, or malware distribution. There is no indication of active exploitation in the wild or public proof-of-concept availability at this time.
SuiteCRM versions prior to 7.15.1 and 8.9.3 contain an unauthenticated open redirect vulnerability in the WebToLead feature that allows attackers to redirect users to arbitrary external websites by manipulating an unvalidated POST parameter. An attacker can leverage the trusted SuiteCRM domain to conduct phishing and social engineering attacks against users without requiring authentication or user interaction beyond clicking a malicious link. No patch is currently available for affected versions.
Open Redirect in Angular SSR allows remote attackers to bypass redirect validation through a single backslash character in the X-Forwarded-Prefix header, causing browsers to interpret the malformed URL as a protocol-relative redirect to attacker-controlled domains. This vulnerability affects Angular SSR applications deployed behind proxies and represents an incomplete fix for a prior open redirect issue. An attacker can craft requests to redirect authenticated users away from the legitimate application without user interaction.
WWBN/AVideo fails to properly validate the redirectUri parameter in its login flow, allowing attackers to craft malicious URLs that redirect authenticated users to attacker-controlled sites after successful login. The vulnerability stems from insufficient encoding of user input before it is embedded into JavaScript code that executes a redirect via document.location. An attacker can exploit this open redirect to perform phishing attacks or distribute malware by tricking users into clicking a login link with an attacker-controlled redirect destination.
Raytha CMS contains a Reflected Cross-Site Scripting (XSS) vulnerability in the logon functionality's returnUrl parameter that allows attackers to inject arbitrary JavaScript code. When an authenticated victim clicks a malicious URL crafted by an attacker, the injected script executes in the victim's browser with the victim's privileges, potentially enabling session hijacking, credential theft, or unauthorized actions within the CMS. The vulnerability was remediated in version 1.4.6, and while no CVSS score or EPSS data is currently available, the nature of XSS in authentication contexts represents a significant security risk requiring prompt patching.
A URL redirection vulnerability in Samsung Account allows remote attackers to potentially steal user access tokens through malicious redirect chains. The vulnerability affects Samsung Account versions prior to 15.5.01.1 and requires user interaction to exploit. While not currently in CISA's Known Exploited Vulnerabilities catalog, the issue has a moderate CVSS score of 7.0 and could lead to account takeover if successfully exploited.
Medium severity vulnerability in See description.
Authenticated users in mirror-registry can exploit open redirect functionality to access internal or restricted systems by supplying malicious URLs that the application blindly follows without destination validation. This allows attackers with valid credentials to bypass access controls and reach systems they should not have permission to interact with. No patch is currently available for this medium-severity vulnerability.
WellChoose's IFTOP Organization Portal System contains an open redirect vulnerability that permits authenticated attackers to craft deceptive URLs capable of redirecting users to malicious websites. The vulnerability requires user interaction to trigger and affects cross-origin requests, enabling credential theft or malware distribution through social engineering. No patch is currently available to remediate this issue.
The web-based management interface of AOS-CX Switches is affected by URL redirection to untrusted site (open redirect) (CVSS 6.5).
Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by a URL Redirection to Untrusted Site ('Open Redirect') vulnerability. An attacker could leverage this vulnerability to redirect users to malicious websites. [CVSS 3.1 LOW]
Open redirect vulnerabilities in Sylius eCommerce Framework allow unauthenticated attackers to redirect users to arbitrary domains by manipulating the HTTP Referer header through multiple controllers, enabling phishing and credential theft attacks when victims click malicious links from attacker-controlled sites. Public endpoints are trivially exploitable without authentication, while admin endpoints require an authenticated session but remain vulnerable if administrators follow external links. No patch is currently available for this medium-severity flaw.
Pocket ID versions 2.0.0 through 2.3.x suffer from improper callback URL validation that allows attackers to bypass redirect URI restrictions using URL userinfo characters (@), enabling authorization code interception. An attacker can craft a malicious authorization link to redirect authentication codes to an attacker-controlled server if a user is tricked into clicking it. Public exploit code exists for this vulnerability, and no patch is currently available.
An issue pertaining to CWE-601: URL Redirection to Untrusted Site was discovered in Sunbird-Ed SunbirdEd-portal v1.13.4. [CVSS 6.1 MEDIUM]
An issue pertaining to CWE-601: URL Redirection to Untrusted Site was discovered in linagora Twake v2023.Q1.1223. This allows attackers to obtain sensitive information and execute arbitrary code. [CVSS 6.1 MEDIUM]
ZITADEL versions 4.0.0-rc.1 through 4.7.0 are vulnerable to open redirect attacks through improper validation of the Forwarded and X-Forwarded-Host headers used in password reset links. An attacker can craft a malicious request to redirect users to an attacker-controlled domain when they click password reset confirmation links, enabling credential harvesting or phishing attacks. The vulnerability affects all deployments using affected versions and has been patched in version 4.7.1.
Kings Plugins B2BKing Premium before version 5.4.20 contains an open redirect vulnerability that allows attackers to craft malicious links redirecting users to untrusted external sites. This network-accessible vulnerability requires user interaction to exploit but can be leveraged for phishing attacks with no patch currently available. The vulnerability has a CVSS score of 4.7 and affects the confidentiality of user information through credential harvesting or social engineering.
Unauthorized account takeover in Internet Routing Registry daemon (IRRD) versions 4.4.0-4.4.4 and 4.5.0-4.5.0 results from improper Host header validation during password reset and account creation flows, allowing attackers to redirect confirmation emails to attacker-controlled domains. An attacker can intercept the confirmation token from a user's email and leverage it to compromise the targeted account, potentially gaining ability to modify RPSL objects and perform unauthorized account actions. Users without two-factor authentication enabled face complete account compromise, while those with 2FA may still be at risk depending on implementation details.
Products.isurlinportal is a replacement for the isURLInPortal method in Plone. Versions up to 2.1.0 are affected by URL redirection to untrusted site (open redirect) (CVSS 5.3).
Allauth versions up to 65.14.1 are affected by URL redirection to untrusted site (open redirect) (CVSS 6.1).
A Stored HTML Injection vulnerability was discovered in the CMC's Sensor Map functionality due to improper validation on connected Guardians' properties. [CVSS 4.8 MEDIUM]
A Stored HTML Injection vulnerability was discovered in the Alerted Nodes Dashboard functionality due to improper validation on an input parameter. A malicious authenticated user with the required privileges could edit a node label to inject HTML tags. [CVSS 4.4 MEDIUM]
An all-in-one workspace and an operating system. Versions up to 0.26.0 are affected by URL redirection to untrusted site (open redirect).
The Angular SSR is a server-side rendering tool for Angular applications. An Open Redirect vulnerability exists in the internal URL processing logic in versions on the 19.x branch prior to 19.2.21, the 20.x branch prior to 20.3.17, and the 21.x branch prior to 21.1.5 and 21.2.0-rc.1. The logic normalizes URL segments by stripping leading slashes; however, it only removes a single leading slash. When an Angular SSR application is deployed behind a proxy that passes the `X-Forwarded-Prefix` hea...
Bigbluebutton versions up to 3.0.20 are affected by URL redirection to untrusted site (open redirect) (CVSS 6.1).
Teamcity versions up to 2025.11.3 are affected by URL redirection to untrusted site (open redirect) (CVSS 4.3).
Openemr versions up to 8.0.0 are affected by URL redirection to untrusted site (open redirect) (CVSS 6.1).
Open redirect in Horilla up to version 1.0.2 allows remote attackers to redirect users to arbitrary external websites by manipulating the prev_url query parameter in the global search functionality. Public exploit code exists for this vulnerability, making it actively exploitable in the wild. Upgrading to version 1.0.3 or applying patch 730b5a44ff060916780c44a4bdbc8ced70a2cd27 resolves the issue.
Traccar GPS tracking system through version 6.11.1 allows authenticated users to hijack OAuth 2.0 authorization codes through unvalidated redirect URIs in OIDC endpoints, enabling account takeover on integrated applications. The vulnerability stems from missing whitelist validation on the redirect_uri parameter, permitting attackers to exfiltrate authorization codes to attacker-controlled servers. Public exploit code exists for this HIGH severity flaw, and no patch is currently available.
Conditional CAPTCHA (WordPress plugin) versions up to 4.0.0 are affected by URL redirection to untrusted site (open redirect) (CVSS 4.3).
Feathersjs versions 5.0.39 and below contain an open redirect vulnerability in the redirect query parameter that fails to properly validate user-supplied values, enabling attackers to inject authority into URLs and steal access tokens through URL manipulation. An unauthenticated remote attacker can exploit this by crafting a malicious redirect URL that causes the victim's browser to send the access token to an attacker-controlled domain, resulting in account takeover. A patch is available for affected installations.
An Open Redirect vulnerability in the go-chi/chi >=5.2.2 RedirectSlashes function allows remote attackers to redirect victim users to malicious websites using the legitimate website domain. [CVSS 4.7 MEDIUM]
Spip versions up to 4.4.5 are affected by URL redirection to untrusted site (open redirect) (CVSS 6.1).
The Update URLs WordPress plugin through version 1.4.0 contains an open redirect vulnerability that allows unauthenticated attackers to craft malicious links redirecting users to arbitrary external sites, enabling phishing attacks. The vulnerability requires user interaction to click a crafted link but has no patch currently available. Affected WordPress sites using this plugin should upgrade or disable it immediately.
A flaw has been found in busy versions up to 2.5.5, which are affected by URL redirection to untrusted site (open redirect) (CVSS 3.5).
Frontend Post Submission Manager Lite (WordPress plugin) versions up to 1.2.7 are affected by URL redirection to untrusted site (open redirect) (CVSS 6.1).
URL Shortify (WordPress plugin) versions up to 1.12.1 are affected by URL redirection to untrusted site (open redirect) (CVSS 4.7).
Db2 Recovery Expert versions up to 5.5.0 are affected by URL redirection to untrusted site (open redirect) (CVSS 6.8).
Versions from 4.30 up to 16022026 are affected by URL redirection to untrusted site (open redirect) (CVSS 4.3).
Malicious signup URLs in Frappe versions prior to 14.99.14 and 15.94.0 can redirect users to attacker-controlled sites or execute reflected XSS payloads during the registration process. An attacker can craft a malicious signup link to trick users into visiting malicious destinations or having malicious scripts executed in their browsers. A patch is available in the fixed versions.
Document Management System versions up to 600 are affected by URL redirection to untrusted site (open redirect) (CVSS 6.1).
A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. This product does not properly validate request headers. [CVSS 6.1 MEDIUM]
Doorman versions up to 0.6 are affected by URL redirection to untrusted site (open redirect) (CVSS 4.3).
Client-certificate-auth middleware for Node.js versions 0.2.1 and 0.3.0 fails to validate the Host header when redirecting HTTP requests to HTTPS, enabling attackers to craft malicious redirects that direct users to arbitrary domains. Public exploit code exists for this open redirect vulnerability, and no patch is currently available for affected versions.
A flaw has been found in Edimax BR-6258n up to 1.18. This issue affects the function formStaDrvSetup of the file /goform/formStaDrvSetup. This manipulation of the argument submit-url causes open redirect. The attack can be initiated remotely. The exploit has been published and may be used. The vendor confirms that the affected product is end-of-life. They confirm that they "will issue a consolidated Security Advisory on our official support website." This vulnerability only affects products t...
Open redirect in web2py 2.27.1 and earlier allows unauthenticated remote attackers to redirect users to arbitrary websites via specially crafted URLs, potentially facilitating phishing attacks. The vulnerability requires user interaction to exploit and affects the application's integrity with network-accessible attack vectors. No patch is currently available.
Qwik versions up to 1.19.0 are affected by URL redirection to untrusted site (open redirect) (CVSS 6.1).
A flaw was found in Moodle. An open redirect vulnerability in the OAuth login flow allows a remote attacker to redirect users to attacker-controlled pages after they have successfully authenticated. [CVSS 3.5 LOW]
NocoDB versions prior to 0.301.0 contain an open redirect vulnerability in the login flow where the `continueAfterSignIn` parameter is not validated, allowing attackers to redirect authenticated users to arbitrary external websites. Public exploit code exists for this vulnerability, which enables phishing attacks by abusing user trust in the legitimate login process to facilitate credential theft through social engineering. Authenticated users are at risk of being redirected to attacker-controlled domains immediately after successful login.
A vulnerability was found in lcg0124 BootDo up to commit 5ccd963c74058036b466e038cff37de4056c1600. The function redirectToLogin of the file AccessControlFilter.java in the Host Header Handler component is affected. [CVSS 3.5 LOW]
Backstage is an open framework for building developer portals, and @backstage/backend-defaults provides the default implementations and setup for a standard Backstage backend app. Prior to versions 0.12.2, 0.13.2, 0.14.1, and 0.15.0, the `FetchUrlReader` component, used by the catalog and other plugins to fetch content from URLs, followed HTTP redirects automatically. This allowed an attacker who controls a host listed in `backend.reading.allow` to redirect requests to internal or sensitive U...
WeGIA charitable institution management software versions prior to 3.6.2 contain an open redirect vulnerability in the control.php endpoint that fails to validate the nextPage parameter, allowing unauthenticated attackers to redirect users to arbitrary external sites for phishing and credential theft. Public exploit code exists for this vulnerability. The flaw is resolved in version 3.6.2 and later.
WeGIA charitable institution management software versions prior to 3.6.2 contain an open redirect vulnerability in the control.php endpoint that fails to validate the nextPage parameter, allowing attackers to redirect authenticated users to malicious external sites. Public exploit code exists for this vulnerability, which can be leveraged for phishing, credential harvesting, and malware distribution attacks while maintaining the appearance of a trusted WeGIA domain. The vulnerability is resolved in WeGIA 3.6.2 and later versions.
WeGIA versions prior to 3.6.2 contain an open redirect vulnerability in the control.php endpoint that fails to properly validate the nextPage parameter, allowing attackers to redirect authenticated users to malicious external sites. Public exploit code exists for this vulnerability, enabling attackers to conduct phishing campaigns and credential harvesting attacks while leveraging the trust associated with the legitimate WeGIA domain. Update to version 3.6.2 or later to remediate this issue.
WeGIA versions prior to 3.6.2 contain an open redirect vulnerability in the control.php endpoint that fails to validate the nextPage parameter, allowing unauthenticated attackers to redirect users to arbitrary external websites. Public exploit code exists for this vulnerability, which can be leveraged for phishing, credential harvesting, and malware distribution attacks that abuse the trusted WeGIA domain. The vulnerability is resolved in version 3.6.2.
WeGIA prior to version 3.6.2 contains an open redirect vulnerability in the control.php endpoint that fails to validate the nextPage parameter, allowing attackers to craft malicious links redirecting users to arbitrary external sites for phishing and credential theft. Public exploit code exists for this vulnerability, which affects all users who click attacker-controlled links within the application. The vulnerability is resolved in version 3.6.2.
Insufficient validation of login parameters in TDC X401gl Firmware enables open redirect attacks that can redirect authenticated users to attacker-controlled websites. This allows threat actors to harvest credentials and conduct phishing attacks against unsuspecting users following successful authentication. The vulnerability requires user interaction but carries minimal complexity, affecting systems accessible over the network.
Supplier Relationship Management versions up to 700 are affected by URL redirection to untrusted site (open redirect) (CVSS 4.7).
React Router is a router for React. In @remix-run/router versions prior to 1.23.2. [CVSS 8.0 HIGH]
Directus versions prior to 11.14.0 contain an open redirect vulnerability in the SAML authentication callback that allows unauthenticated attackers to redirect users to arbitrary external URLs by manipulating the RelayState parameter. The validation checks present during login initiation are not applied to the callback endpoint, enabling phishing and credential theft attacks. A patch is available in version 11.14.0 and later.