Description

This endpoint is possibly vulnerable to URL redirection attacks.

URL redirection is sometimes used as a part of phishing attacks that confuse visitors about which web site they are visiting.

Remediation

The endpoint should properly sanitize user input

References

Unvalidated Redirects and Forwards Cheat Sheet

Related Vulnerabilities

Werkzeug WSGI URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2020-28724)

WordPress Plugin Encrypted Blog Multiple Vulnerabilities (0.0.6.2)

Moodle URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2019-14882)

Joomla! Core 1.5.x Open Redirect (1.5.0 - 1.5.6)

WordPress Plugin Ultimate Member-User Profile, Registration, Login, Member Directory, Content Restriction & Membership Open Redirect (2.1.6)

Severity

Medium

Classification

CWE-601 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

Tags

Url Redirection