SYM_JSTS_0081 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
URL Redirection to Untrusted Site ('Open Redirect')
Property | Value |
---|---|
Language | |
Severity | |
CWE | CWE-601: URL Redirection to Untrusted Site ('Open Redirect') |
OWASP | A01:2021 - Broken Access Control |
Confidence Level | High |
Impact Level | Medium |
Likelihood Level | High |
Description
The application takes a user-controlled value from the URL (for example a `next`, `returnUrl` or `redirect` query parameter, or a value in the hash fragment) and uses it as the destination of a client-side redirect (assigning `location.href`, or calling `location.replace` / `location.assign`) without validating that it points somewhere the application intends. Because the attacker controls the URL the victim visits, the attacker also controls where the victim is sent afterwards.
Impact
An attacker can craft a link on the trusted domain that, once followed, redirects the victim to an attacker-controlled site, which makes phishing and credential-harvesting pages far more convincing (the initial link really does point at the legitimate application). If the redirect sink also accepts `javascript:` URLs, the issue escalates to DOM-based cross-site scripting: assigning a `javascript:` URL to `location.href` executes the script in the origin of the vulnerable page, so the attacker can read session data, act as the user and exfiltrate data from the application.
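The vulnerable pattern from the Description and the hardened check that closes both the phishing and the `javascript:` XSS cases from the Impact, as an added example written for this entry (not code from the Symbiotic database or from any affected project). The parameter name `next`, the current origin `https://example.com` and the allowlisted host `accounts.example.com` are assumptions for illustration.

```javascript
// Added example (not from the Symbiotic database). Assumes a "next" parameter,
// an assumed current origin and a constructed host allowlist.
const ALLOWED_HOSTS = new Set(['accounts.example.com']); // constructed allowlist

// Vulnerable pattern this entry describes: the raw parameter becomes the target,
// so "//evil.example" or "javascript:alert(1)" pass straight through to location.
function unsafeRedirectTarget(rawNext) {
  return rawNext || '/';
}

// Read "next" from the query string first, then from the hash fragment
// (e.g. "#next=/account"): the two user-controlled sources named above.
function extractNext(search, hash) {
  const fromQuery = new URLSearchParams(search).get('next');
  if (fromQuery !== null) return fromQuery;
  return new URLSearchParams(hash.replace(/^#/, '')).get('next');
}

// Hardened version: parse the value with the WHATWG URL parser relative to the
// current origin, then allow only http(s) targets whose origin is ours or whose
// hostname is on the allowlist. Validating after parsing is what defeats the
// classic bypasses: "//evil.example" and "/\evil.example" both resolve to
// https://evil.example/, "https://example.com@evil.example/" has hostname
// evil.example, and "javascript:..." never has an http(s) protocol.
function safeRedirectTarget(rawNext, currentOrigin, fallback = '/') {
  if (typeof rawNext !== 'string' || rawNext.length === 0) return fallback;
  const origin = new URL(currentOrigin).origin;
  let target;
  try {
    target = new URL(rawNext, currentOrigin); // resolves "/path?x=1" against our origin
  } catch (e) {
    return fallback; // unparseable input: never navigate to it
  }
  if (target.protocol !== 'https:' && target.protocol !== 'http:') return fallback;
  if (target.origin !== origin && !ALLOWED_HOSTS.has(target.hostname)) return fallback;
  return target.href;
}

// Browser usage. Guarded on `location` so the module also loads under Node.
function redirectAfterLogin() {
  if (typeof location === 'undefined') return null;
  const dest = safeRedirectTarget(extractNext(location.search, location.hash), location.origin);
  location.replace(dest);
  return dest;
}

// Constructed sample inputs: what an attacker might put in ?next=
const SAMPLES = [
  '/account?tab=1',
  'https://accounts.example.com/login',
  'https://example.com.evil.example/',
  '//evil.example/phish',
  '/\\evil.example',
  'https://example.com@evil.example/',
  'javascript:alert(document.domain)',
];
for (const s of SAMPLES) {
  console.log(JSON.stringify(s), 'unsafe ->', unsafeRedirectTarget(s),
              '| safe ->', safeRedirectTarget(s, 'https://example.com'));
}
```

Note what the hardened version deliberately avoids: string checks such as `raw.startsWith('/')` still admit `//evil.example` and `/\evil.example`, and `raw.includes('example.com')` admits `example.com.evil.example` and `example.com@evil.example`. Checking `hostname` and `origin` on the parsed URL, and restricting the protocol to http(s), is what a reviewer should look for at each `location.href` / `location.replace` sink.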