URL Redirection to Untrusted Site (‘Open Redirect’)
| Property | |
|---|---|
| Language |  |
| Severity |  |
| CWE | CWE-601: URL Redirection to Untrusted Site (‘Open Redirect’) |
| OWASP | A01:2021 - Broken Access Control |
| Confidence Level | Medium |
| Impact Level | Medium |
| Likelihood Level | Medium |
Description#
The application performs redirects based on user input without proper validation or sanitization. This allows attackers to craft URLs that redirect users to malicious sites or unauthorized pages.
Impact#
Exploiting this vulnerability, attackers can trick users into trusting harmful websites (phishing) or bypass access controls to reach restricted parts of your app, potentially leading to data theft or account compromise.