Unvalidated Redirection

Impact: High


Unvalidated redirects and forwards occur when a web application accepts untrusted input that could redirect the user to a URL provided within the input. Attackers exploit this vulnerability by manipulating the URL input to redirect users to malicious sites, leading to phishing scams and credential theft.


To prevent unvalidated redirection attacks, implement a mapping between user input and redirection targets. Utilize whitelists to validate user input for redirection. If validation fails, notify the user before redirection to ensure they are aware of the destination.


Last updated on May 13, 2024

This issue is available in SmartScanner Professional

See Pricing