Unvalidated Redirection

Impact: High


Unvalidated redirects and forwards are possible when a web application accepts untrusted input that could cause the web application to redirect the request to a URL contained within untrusted input. By modifying untrusted URL input to a malicious site, an attacker may successfully launch a phishing scam and steal user credentials. (Source: OWASP)


Use a mapping between user input and redirection targets, so that the user supplies a key rather than a URL. You can also use a whitelist for user input. If neither is applicable, notify the user before redirection.
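The three options above combined in one server-side check, as an added example that is not SmartScanner or OWASP code. The map entries, host names, default target and the `resolve_redirect` name are all constructed assumptions for illustration.

```python
from urllib.parse import urlsplit

# Constructed sample data: token -> fixed internal target (the mapping approach).
REDIRECT_MAP = {"home": "/", "billing": "/account/billing", "docs": "/help/docs"}
# Constructed list of permitted external hosts, compared by exact match.
ALLOWED_HOSTS = {"docs.example.com", "status.example.com"}
DEFAULT_TARGET = "/"


def resolve_redirect(value):
    """Return (action, target); action is 'redirect', 'confirm' or 'reject'."""
    value = (value or "").strip()
    # 1. Mapping: the user supplies a key, never a URL.
    if value in REDIRECT_MAP:
        return "redirect", REDIRECT_MAP[value]
    # Browsers and urlsplit disagree on backslashes and control characters,
    # so refuse them outright instead of guessing how they will be parsed.
    if not value or "\\" in value or any(ord(c) < 0x20 or ord(c) == 0x7F for c in value):
        return "reject", DEFAULT_TARGET
    try:
        parts = urlsplit(value)
        host = (parts.hostname or "").lower().rstrip(".")
    except ValueError:  # e.g. malformed IPv6 literal
        return "reject", DEFAULT_TARGET
    # Rejects javascript:, data:, scheme-relative //host and bare paths.
    if parts.scheme.lower() not in ("http", "https") or not host:
        return "reject", DEFAULT_TARGET
    # Userinfo (user@host) can make the real host look like a trusted one.
    if "@" in parts.netloc:
        return "reject", DEFAULT_TARGET
    # 2. Whitelist: exact host match over HTTPS only (no substring or suffix tests).
    if parts.scheme.lower() == "https" and host in ALLOWED_HOSTS:
        return "redirect", value
    # 3. Neither applies: caller shows a notice naming the destination first.
    return "confirm", value
```

On `confirm`, the caller renders an interstitial page that names the destination host and requires a click before leaving the site; on `reject`, it sends the user to the returned default target.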


Last updated on February 15, 2021

This issue is available in SmartScanner Professional
