
CWE-601 (URL Redirection to Untrusted Site ('Open Redirect')) — Vulnerability Class 722

722 vulnerabilities classified as CWE-601 (URL Redirection to Untrusted Site ('Open Redirect')). AI Chinese analysis included.

CWE-601 represents a critical web application vulnerability where the software accepts user-controlled input to specify a redirect destination without adequate validation. Attackers typically exploit this weakness by crafting malicious URLs that redirect victims to untrusted, phishing sites, often leveraging the trust associated with the legitimate domain to bypass security warnings. This social engineering tactic facilitates credential theft, malware distribution, or session hijacking. To mitigate this risk, developers must implement strict validation mechanisms, such as maintaining an allowlist of permitted domains or verifying that redirect parameters originate from the same origin. Additionally, using relative paths instead of absolute URLs can significantly reduce the attack surface. By ensuring that all redirection targets are explicitly trusted and verified before processing, organizations can prevent unauthorized navigation and protect users from deceptive external links.

MITRE CWE Description
The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.

Common Consequences (2)
Scope: Access Control. Impact: Bypass Protection Mechanism, Gain Privileges or Assume Identity.
The user may be redirected to an untrusted page that contains malware which may then compromise the user's system. In some cases, an open redirect can also enable the immediate download of a file without the user's permission, because the r…
Scope: Access Control, Confidentiality, Other. Impact: Bypass Protection Mechanism, Gain Privileges or Assume Identity, Other.
By modifying the URL value to a malicious site, an attacker may successfully launch a phishing scam. The user may be subjected to phishing attacks by being redirected to an untrusted page. The phishing attack may point to an attacker controlled web page that appears to be a trusted web site. The phi…
Mitigations (5)
Phase: Implementation. Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does. When performing input validation, consider all potentially relevant properties, including length, type of input, the full range…
Phase: Architecture and Design. Use an intermediate disclaimer page that provides the user with a clear warning that they are leaving the current site. Implement a long timeout before the redirect occurs, or force the user to click on the link. Be careful to avoid XSS problems (CWE-79) when generating the disclaimer page.
Phase: Architecture and Design. When the set of acceptable objects, such as filenames or URLs, is limited or known, create a mapping from a set of fixed input values (such as numeric IDs) to the actual filenames or URLs, and reject all other inputs. For example, ID 1 could map to "/login.asp" and ID 2 could map to "http://www.example.com/". Features such as the ESAPI AccessReferenceMap [REF-45] provide this capability.
Phase: Architecture and Design. Ensure that no externally-supplied requests are honored by requiring that all redirect requests include a unique nonce generated by the application [REF-483]. Be sure that the nonce is not predictable (CWE-330).
Phase: Architecture and Design, Implementation. Understand all the potential areas where untrusted inputs can enter your software: parameters or arguments, cookies, anything read from the network, environment variables, reverse DNS lookups, query results, request headers, URL components, e-mail, files, filenames, databases, and any external systems that provide data to the application. Remember that such inputs may be obtained indirectly throug…
Examples (2)
The following code obtains a URL from the query string and then redirects the user to that URL, without checking where it points.
// Redirect target comes straight from the untrusted "url" query parameter (CWE-601)
$redirect_url = $_GET['url'];
header("Location: " . $redirect_url);
Bad · PHP
http://example.com/example.php?url=http://malicious.example.com
Attack
The following Java servlet handles a GET request carrying a url parameter: it reads that parameter from the request and sends a redirect to whatever address it specifies.
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

public class RedirectServlet extends HttpServlet {
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        String query = request.getQueryString();
        if (query != null && query.contains("url")) {
            // The redirect target is taken from the request unvalidated (CWE-601)
            String url = request.getParameter("url");
            response.sendRedirect(url);
        }
    }
}
Bad · Java
<a href="http://bank.example.com/redirect?url=http://attacker.example.net">Click here to log in</a>
Attack · HTML
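Added example, not part of the CWE entry or the PHP/Java snippets above: a Python implementation of the "accept known good" allowlist and the fixed numeric-ID mapping mitigations for a redirect parameter, including the input shapes that a naive host check misses (scheme-relative "//host", backslashes, userinfo before "@", non-https schemes, look-alike subdomains). ALLOWED_HOSTS, REDIRECT_IDS, safe_redirect_target and redirect_by_id are assumed names; the hosts and the mapping are constructed.

```python
from urllib.parse import urlsplit

# Constructed allowlist: the only external hosts this application may redirect to.
ALLOWED_HOSTS = {"bank.example.com", "help.example.com"}
DEFAULT_TARGET = "/"

# Constructed fixed mapping (the "numeric ID -> URL" mitigation): the client
# never supplies a URL, only an ID that is looked up here.
REDIRECT_IDS = {1: "/login", 2: "https://www.example.com/"}


def safe_redirect_target(raw, allowed_hosts=ALLOWED_HOSTS):
    """Return raw if it is a same-site path or an https URL to an allowlisted
    host; otherwise return DEFAULT_TARGET. Accept known good, reject the rest."""
    if not raw or len(raw) > 2048:
        return DEFAULT_TARGET
    # Control characters and whitespace: header-injection and normalisation risk.
    if any(ord(c) <= 0x20 or ord(c) == 0x7F for c in raw):
        return DEFAULT_TARGET
    # Browsers treat "\" like "/", so "/\evil.example" would become "//evil.example".
    if "\\" in raw:
        return DEFAULT_TARGET
    parts = urlsplit(raw)
    if not parts.scheme and not parts.netloc:
        # Relative reference. Require exactly one leading "/": a "//" prefix is a
        # scheme-relative URL to another host, and "evil.example" is a bare host.
        if raw.startswith("/") and not raw.startswith("//"):
            return raw
        return DEFAULT_TARGET
    if parts.scheme.lower() != "https":
        return DEFAULT_TARGET  # rejects http, javascript:, data:, etc.
    # .hostname drops userinfo and port, so "https://bank.example.com@evil.example"
    # yields "evil.example"; exact match also rejects "bank.example.com.evil.example".
    host = (parts.hostname or "").lower()
    if host in allowed_hosts and parts.username is None:
        return raw
    return DEFAULT_TARGET


def redirect_by_id(raw_id, mapping=REDIRECT_IDS):
    """Mapping variant: accept only a known numeric ID, never a URL."""
    try:
        return mapping.get(int(raw_id), DEFAULT_TARGET)
    except (TypeError, ValueError):
        return DEFAULT_TARGET
```

The returned value is what goes into the Location header; anything the function rejects falls back to the site root instead of being echoed to the browser.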
CVE ID | Title | Product | CVSS | Severity | Published
CVE-2023-35883 | WordPress Core Web Vitals & PageSpeed Booster Plugin <= 1.0.12 is vulnerable to Open Redirection | Core Web Vitals & PageSpeed Booster | 4.7 | Medium | 2023-12-19
CVE-2023-37982 | WordPress Integration for Contact Form 7 and Salesforce Plugin <= 1.3.3 is vulnerable to Open Redirection | Integration for Salesforce and Contact Form 7, WPForms, Elementor, Ninja Forms | 4.7 | Medium | 2023-12-19
CVE-2023-38478 | WordPress Integration for WooCommerce and QuickBooks Plugin <= 1.2.3 is vulnerable to Open Redirection | Integration for WooCommerce and QuickBooks | 4.7 | Medium | 2023-12-19
CVE-2023-38481 | WordPress Integration for WooCommerce and Zoho CRM Plugin < 1.3.7 is vulnerable to Open Redirection | Integration for WooCommerce and Zoho CRM, Books, Invoice, Inventory, Bigin | 4.7 | Medium | 2023-12-19
CVE-2023-40602 | WordPress Doofinder for WooCommerce Plugin <= 1.5.49 is vulnerable to Open Redirection | Doofinder WP & WooCommerce Search | 4.7 | Medium | 2023-12-19
CVE-2023-41648 | WordPress Login and Logout Redirect Plugin <= 2.0.3 is vulnerable to Open Redirection | Login and Logout Redirect | 4.7 | Medium | 2023-12-19
CVE-2023-45105 | WordPress affiliate-toolkit – WordPress Affiliate Plugin Plugin <= 3.3.9 is vulnerable to Open Redirection | affiliate-toolkit – WordPress Affiliate Plugin | 4.7 | Medium | 2023-12-19
CVE-2023-6927 | Keycloak: open redirect via "form_post.jwt" jarm response mode | Red Hat build of Keycloak 22 | 4.6 | Medium | 2023-12-18
CVE-2023-6545 | Beckhoff: Open redirect in TwinCAT/BSD package authelia-bhf | authelia-bhf of TwinCAT/BSD | 4.7 | Medium | 2023-12-14
CVE-2023-46750 | Apache Shiro: URL Redirection to Untrusted Site ('Open Redirect') vulnerability in FORM authentication feature Apache Shiro. | Apache Shiro | 6.1 (AI) | Medium (AI) | 2023-12-14
CVE-2023-5629 | Schneider Electric Trio Q-Series Ethernet Data Radio Input Validation Error Vulnerability | Trio Q-Series Ethernet Data Radio | 8.2 | High | 2023-12-14
CVE-2023-6380 | Open Redirect in Alkacon Software OpenCms | Open CMS | 6.1 | Medium | 2023-12-13
CVE-2023-45762 | WordPress Responsive Column Widgets Plugin <= 1.2.7 is vulnerable to Open Redirection | Responsive Column Widgets | 4.7 | Medium | 2023-12-07
CVE-2023-47548 | WordPress Integrate Google Drive Plugin <= 1.3.2 is vulnerable to Open Redirection | Integrate Google Drive – Browse, Upload, Download, Embed, Play, Share, Gallery, and Manage Your Google Drive Files Into Your WordPress Site | 4.7 | Medium | 2023-12-07
CVE-2023-47779 | WordPress Integration for Contact Form 7 and Constant Contact Plugin <= 1.1.4 is vulnerable to Open Redirection | Integration for Constant Contact and Contact Form 7, WPForms, Elementor, Ninja Forms | 4.7 | Medium | 2023-12-07
CVE-2023-48325 | WordPress Landing Page Builder Plugin <= 1.5.1.5 is vulnerable to Open Redirection | Landing Page Builder – Lead Page – Optin Page – Squeeze Page – WordPress Landing Pages | 4.7 | Medium | 2023-12-07
CVE-2023-49240 | Huawei HarmonyOS Security Vulnerability | HarmonyOS | 7.5 (AI) | High (AI) | 2023-12-06
CVE-2023-49281 | Open Redirect in Login Function of Calendarinho | Calendarinho | 4.7 | Medium | 2023-12-01
CVE-2023-42502 | Apache Superset: Open Redirect Vulnerability | Apache Superset | 4.8 | Medium | 2023-11-28
CVE-2023-47168 | Open redirect in /oauth/<service>/mobile_login?redirect_to= | Mattermost | 4.3 | Medium | 2023-11-27
CVE-2023-5445 | Trellix ePolicy Orchestrator Security Vulnerability | ePolicy Orchestrator | 5.4 | Medium | 2023-11-17
CVE-2023-41699 | Payara Platform: URL Redirection to untrusted site using FORM authentication | Payara Server, Micro and Embedded | 6.1 | Medium | 2023-11-15
CVE-2023-5986 | Schneider Electric EcoStruxure Power Monitoring Expert Security Vulnerability | EcoStruxure Power Monitoring Expert (PME) | 8.2 | High | 2023-11-15
CVE-2023-45203 | Online Examination System v1.0 - Multiple Open Redirects | Online Examination System | 6.1 | Medium | 2023-11-01
CVE-2023-45202 | Online Examination System v1.0 - Multiple Open Redirects | Online Examination System | 6.1 | Medium | 2023-11-01
CVE-2023-45201 | Online Examination System v1.0 - Multiple Open Redirects | Online Examination System | 6.1 | Medium | 2023-11-01
CVE-2023-20264 | Cisco Firepower Threat Defense Security Vulnerability | Cisco Adaptive Security Appliance (ASA) Software | 6.1 | Medium | 2023-11-01
CVE-2023-20886 | VMware Workspace ONE Input Validation Error Vulnerability | VMware Workspace ONE UEM Console | 8.8 | High | 2023-10-31
CVE-2023-4964 | Potential open redirect vulnerability in opentext SMAX and AMX product. | Service Management Automation X (SMAX) | 8.2 | High | 2023-10-30
CVE-2023-5375 | Open Redirect in mosparo/mosparo | mosparo/mosparo | 6.1 | - | 2023-10-04

Vulnerabilities classified as CWE-601 (URL Redirection to Untrusted Site ('Open Redirect')) represent 722 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.