/vulndb/Open Redirect

An Open Redirect is a vulnerability where the application uses user input to build a redirect without validating the destination.

This vulnerability is commonly used in phishing attacks. An attacker can take advantage of the trust inspired by the vulnerable application to trick the user into visiting a malicious site.

Solution

Ensure that the application can only redirect to a whitelist of approved applications/URLs.

References

https://www.owasp.org/index.php/Open_redirect