SYM_PY_0196 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
URL Redirection to Untrusted Site ('Open Redirect')
| Property | Value |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-601: URL Redirection to Untrusted Site ('Open Redirect') |
| OWASP | A01:2021 - Broken Access Control |
| Confidence Level | Medium |
| Impact Level | Medium |
| Likelihood Level | Low |
Description
User-supplied input taken from the request is used directly as a redirect target without validation. An attacker can therefore craft a URL to the application that sends the user on to a malicious site, which is an open redirect vulnerability.
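Added example, not code from the Symbiotic database entry: a stdlib-only check for the kind of redirect parameter the description refers to, shown beside the unvalidated pattern. `ALLOWED_HOSTS` and `FALLBACK` are constructed values; the validator also rejects the inputs a naive "starts with /" test lets through (protocol-relative `//host`, backslash variants, userinfo tricks, non-http schemes).

```python
from urllib.parse import urlparse

# Constructed values for this example: hosts the app may redirect to, and the
# safe default used whenever the supplied target is rejected.
ALLOWED_HOSTS = {"app.example.com"}
FALLBACK = "/"


def redirect_target_vulnerable(next_param: str) -> str:
    """The pattern the description warns about: the request value becomes
    the Location header with no validation at all."""
    return next_param


def is_safe_redirect_target(target, allowed_hosts=ALLOWED_HOSTS) -> bool:
    """True only for a same-site absolute path or an http(s) URL whose host is
    allowlisted. Everything else (protocol-relative, foreign host, odd scheme,
    userinfo tricks, control characters) is rejected."""
    if not target:
        return False
    # Reject tabs, newlines and other control chars that browsers strip but
    # that can confuse server-side parsing.
    if any(ord(ch) < 0x20 or ord(ch) == 0x7F for ch in target):
        return False
    # Browsers treat "\" like "/" in http(s) URLs, so "/\evil.example" is
    # really "//evil.example"; normalise before parsing.
    target = target.strip(" ").replace("\\", "/")
    parsed = urlparse(target)
    scheme = parsed.scheme.lower()
    if scheme and scheme not in ("http", "https"):
        return False                      # javascript:, data:, etc.
    if parsed.netloc:
        # Absolute or protocol-relative URL. Use .hostname (not .netloc) so
        # "https://app.example.com@evil.example/" is judged by evil.example.
        host = parsed.hostname
        return host is not None and host.lower() in allowed_hosts
    if scheme:
        return False                      # "https:evil.example" has no netloc
    # Plain relative target: require a single leading "/" (no "//", "///").
    return target.startswith("/") and not target.startswith("//")


def choose_redirect(next_param, fallback=FALLBACK) -> str:
    """Hardened form: use the supplied target only when it passes validation."""
    return next_param if is_safe_redirect_target(next_param) else fallback


if __name__ == "__main__":
    for candidate in ["/account", "//evil.example/x", "/\\evil.example",
                      "https://app.example.com@evil.example/", "javascript:alert(1)"]:
        print(f"{candidate!r:45} -> {choose_redirect(candidate)}")
```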
Impact
If exploited, attackers can trick users into visiting untrusted or malicious websites by sending them links to your application that perform unauthorized redirects. This can facilitate phishing attacks, loss of user trust, and may expose users to further security threats.