SYM_CS_0013 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
URL Redirection to Untrusted Site ('Open Redirect')
Property | Value |
---|---|
Language | csharp |
Severity | |
CWE | CWE-601: URL Redirection to Untrusted Site ('Open Redirect') |
OWASP | A01:2021 - Broken Access Control |
Confidence Level | Low |
Impact Level | Medium |
Likelihood Level | Medium |
Description
The application redirects users to a URL specified by a query parameter without verifying if it's a safe, local address. This allows attackers to craft links that send users to malicious websites.
Impact
Exploiting this flaw, attackers can trick users into leaving your site for phishing pages or other harmful destinations, potentially leading to credential theft, loss of user trust, and reputational damage to your organization.
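The pattern from the Description and one way to correct it, as an added example that is not part of the original rule page. It assumes an ASP.NET Core MVC application; the controller, the action names, the `returnUrl` parameter and the `Home/Index` fallback are hypothetical.

```csharp
using Microsoft.AspNetCore.Mvc;

// Hypothetical controller used only to illustrate the rule; all names are assumptions.
public class AccountController : Controller
{
    // Flagged pattern: the query parameter is passed straight to Redirect(),
    // so any absolute URL supplied in ?returnUrl= becomes the Location header.
    [HttpGet]
    public IActionResult ContinueUnsafe(string returnUrl)
    {
        return Redirect(returnUrl);
    }

    // Corrected pattern: only follow the parameter when the framework
    // classifies it as a local URL; otherwise fall back to a fixed page.
    [HttpGet]
    public IActionResult ContinueSafe(string returnUrl)
    {
        // IUrlHelper.IsLocalUrl returns false for null/empty input, absolute
        // URLs, and scheme-relative forms such as "//host" or "/\host".
        if (!string.IsNullOrEmpty(returnUrl) && Url.IsLocalUrl(returnUrl))
        {
            // LocalRedirect re-validates the target when the result executes
            // and throws InvalidOperationException if it is not local.
            return LocalRedirect(returnUrl);
        }

        // Fixed, server-chosen destination (hypothetical route).
        return RedirectToAction("Index", "Home");
    }
}
```

If a redirect must leave the site, compare the parsed host against an explicit server-side allowlist instead of relaxing the local-URL check.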