SYM_RB_0053 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
URL Redirection to Untrusted Site ('Open Redirect')
| Property | Value |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-601: URL Redirection to Untrusted Site ('Open Redirect') |
| OWASP | A01:2021 - Broken Access Control |
| Confidence Level | Medium |
| Impact Level | Medium |
| Likelihood Level | Medium |
Description
The application performs redirects based on user input without proper validation or sanitization. This allows attackers to craft URLs that redirect users to malicious sites or unauthorized pages.
Impact
By exploiting this vulnerability, attackers can trick users into trusting harmful websites (phishing) or bypass access controls to reach restricted parts of your app, potentially leading to data theft or account compromise.
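The following is an added example, not code from the Symbiotic Vulnerability Database: it shows the CWE-601 pattern (a `next`-style parameter copied straight into the redirect target) next to a hardened resolver that only allows http/https targets on an allow-listed host. The origin `https://app.example`, the allow-list and the default target are constructed for this example; the rest uses only the Python standard library.

```python
"""Open-redirect resolver: vulnerable pattern vs. allow-list validation.

Added example (not from the Symbiotic Vulnerability Database). Standard library only.
"""
from typing import Optional
from urllib.parse import urljoin, urlsplit

# Hypothetical application settings, constructed for this example.
APP_ORIGIN = "https://app.example"                 # scheme + host the app is served from
ALLOWED_HOSTS = {"app.example", "docs.example"}    # hosts a redirect may point to
DEFAULT_TARGET = "/"                               # where rejected values fall back to


def redirect_target_vulnerable(next_param: str) -> str:
    """CWE-601: the user-supplied value becomes the Location header unchanged."""
    return next_param


def redirect_target_safe(next_param: Optional[str]) -> str:
    """Return a redirect target that stays on an allow-listed host.

    Rules applied, in order:
      * missing/empty value            -> DEFAULT_TARGET
      * whitespace, control chars, '\\' -> rejected (browsers normalise these,
                                          e.g. '/\\evil.example' -> '//evil.example')
      * resolve against APP_ORIGIN so scheme-relative '//host' is seen as a host,
        not as a path
      * scheme must be http/https      -> blocks javascript:, data:, etc.
      * no userinfo                    -> blocks 'https://app.example@evil.example'
      * hostname must be allow-listed  -> blocks any other host, incl. look-alikes
    """
    if not next_param:
        return DEFAULT_TARGET
    if any(ord(c) <= 0x20 or ord(c) == 0x7F or c == "\\" for c in next_param):
        return DEFAULT_TARGET

    resolved = urljoin(APP_ORIGIN + "/", next_param)
    parts = urlsplit(resolved)

    if parts.scheme not in ("http", "https"):
        return DEFAULT_TARGET
    if parts.username is not None or parts.password is not None:
        return DEFAULT_TARGET
    if parts.hostname is None or parts.hostname not in ALLOWED_HOSTS:
        return DEFAULT_TARGET
    return resolved


if __name__ == "__main__":
    # Constructed sample values a `next` parameter might carry.
    samples = [
        "/dashboard",
        "https://docs.example/guide",
        "//evil.example/",
        "https://evil.example/",
        "javascript:alert(1)",
        "https://app.example@evil.example/",
        "/\\evil.example",
    ]
    for value in samples:
        print(f"{value!r:40} vulnerable -> {redirect_target_vulnerable(value)!r:40} "
              f"safe -> {redirect_target_safe(value)!r}")
```

Resolving the value against the application's own origin before inspecting it is what makes the scheme-relative and backslash cases fail closed; comparing the parsed `hostname` against an allow-list (rather than checking that the string "starts with" or "contains" the expected domain) is what defeats look-alike and userinfo tricks.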