SYM_JSTS_0052 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
URL Redirection to Untrusted Site ('Open Redirect')
Property | Value |
---|---|
Language | |
Severity | |
CWE | CWE-601: URL Redirection to Untrusted Site ('Open Redirect') |
OWASP | A01:2021 - Broken Access Control |
Confidence Level | High |
Impact Level | Medium |
Likelihood Level | High |
Description
The application builds an HTTP redirect from a URL taken directly from request data (for example a query parameter such as `next` or `returnUrl`, or a request header) and sends the user there without validating the target against the destinations the application actually intends to serve. Because the redirect is issued by a host the user trusts, an attacker can craft a link under that host's own domain which silently forwards victims to a site the attacker controls.
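The following is an added example, not code from the SymbioticSec database entry or from any project it catalogues. It shows the sink described above in an Express-style Node.js login handler, beside a hardened version that resolves the candidate with the WHATWG URL parser and accepts only allow-listed origins. `APP_ORIGIN`, `ALLOWED_ORIGINS`, the `next` parameter name and the sample inputs are assumptions made for illustration; Express itself is not needed, the handlers only touch `req.query` and `res.redirect()`.

```javascript
// Added example for SYM_JSTS_0052 (CWE-601); not code from the
// Symbiotic-Vulnerability-Database project. Origins, parameter name and
// sample inputs below are assumptions for illustration.

const APP_ORIGIN = 'https://app.example.com';                               // assumed
const ALLOWED_ORIGINS = new Set([APP_ORIGIN, 'https://docs.example.com']);   // assumed

// Vulnerable: whatever arrives in ?next= becomes the Location header.
// A link such as https://app.example.com/login?next=//evil.example lands the
// user on the attacker's host while the visible link looks like ours.
function vulnerableLoginRedirect(req, res) {
  const next = req.query.next || '/';
  res.redirect(next); // CWE-601 sink: unvalidated, attacker-controlled target
}

// Resolve the candidate against our own origin with the WHATWG URL parser,
// then require an http(s) scheme and an allow-listed origin. Returns the
// absolute URL to send, or null when the target must be refused.
// The parser applies the browser's quirks that naive string checks miss:
//   "//evil.example"                        -> scheme-relative, origin https://evil.example
//   "/\\evil.example"                       -> backslash counts as a slash for http(s)
//   "https://app.example.com@evil.example"  -> userinfo trick, host is evil.example
//   "javascript:alert(1)"                   -> protocol javascript:, origin "null"
//   "\t https://evil.example"               -> leading whitespace/tab are stripped
function safeRedirectTarget(candidate) {
  if (typeof candidate !== 'string' || candidate === '') return null;
  let url;
  try {
    url = new URL(candidate, APP_ORIGIN); // relative paths resolve to our origin
  } catch {
    return null; // unparseable input is refused, never passed through
  }
  if (url.protocol !== 'https:' && url.protocol !== 'http:') return null;
  if (!ALLOWED_ORIGINS.has(url.origin)) return null; // also blocks http:// downgrade
  return url.href;
}

// Hardened handler: fall back to the application root when the target is refused.
function hardenedLoginRedirect(req, res) {
  const target = safeRedirectTarget(req.query.next) || new URL('/', APP_ORIGIN).href;
  res.redirect(target);
}

// Minimal stand-ins for Express req/res so the example runs without a server.
function makeReq(next) {
  return { query: next === undefined ? {} : { next } };
}
function makeRes() {
  const res = { statusCode: null, headers: {} };
  res.redirect = (url) => { res.statusCode = 302; res.headers.Location = url; };
  return res;
}

// Run both handlers on the same input and report where each sends the user.
function compareHandlers(next) {
  const vulnRes = makeRes();
  vulnerableLoginRedirect(makeReq(next), vulnRes);
  const safeRes = makeRes();
  hardenedLoginRedirect(makeReq(next), safeRes);
  return { vulnerable: vulnRes.headers.Location, hardened: safeRes.headers.Location };
}

// Constructed sample inputs: one legitimate target and the classic bypass shapes.
const SAMPLE_TARGETS = [
  '/dashboard',
  '//evil.example/',
  '/\\evil.example',
  'https://app.example.com@evil.example/',
  'https://app.example.com.evil.example/',
  'javascript:alert(1)',
];
for (const next of SAMPLE_TARGETS) {
  console.log(JSON.stringify(next), '=>', compareHandlers(next));
}
```

Matching on the parsed origin rather than on string prefixes is the point: a check like `next.startsWith('/')` passes `//evil.example` and `/\evil.example`, and `next.includes('app.example.com')` passes `https://app.example.com@evil.example`. Refusing unsafe targets and falling back to a fixed path, instead of trying to "repair" them, keeps the behaviour predictable and easy to log.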
Impact
If exploited, an attacker sends victims a link whose visible domain belongs to the trusted application but whose redirect target is an attacker-controlled page, for instance a cloned login form. Because the link starts on a domain users recognise, phishing and credential theft succeed far more often than with a bare link to the malicious site. An open redirect can also be chained with other weaknesses, for example to capture tokens or authorization codes that a flow delivers through a redirect, or to bypass filters that treat the trusted domain as safe. Beyond the direct harm to users, this erodes trust in the application and damages its reputation.