Uncontrolled external site redirect
Description
Redirects made by the application are not controlled and could be manipulated by an attacker.
Impact
Redirect users to sites controlled by an attacker.
Recommendation
When the application redirects to web sites, use predefined parameters rather than information that the user can manipulate.
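The recommendation above, as an added example that is not part of the original page: a redirect handler that echoes a request parameter, beside one where the request can only select a predefined destination. The `next` parameter name, `REDIRECT_TARGETS`, and all paths and hosts are constructed assumptions; the last function goes beyond the page's recommendation and shows a same-site path check for cases where a free-form return path cannot be avoided.

```python
# Constructed values: predefined redirect destinations, keyed by a short name.
REDIRECT_TARGETS = {
    "home": "/",
    "billing": "/account/billing",
    "docs": "https://docs.example.com/",
}
DEFAULT_TARGET = "/"


def redirect_uncontrolled(params):
    """Weak form: the Location value is whatever the request supplied."""
    return params.get("next", DEFAULT_TARGET)


def redirect_predefined(params):
    """Hardened form: the request only selects a key of REDIRECT_TARGETS."""
    return REDIRECT_TARGETS.get(params.get("next", ""), DEFAULT_TARGET)


def is_local_path(value):
    """Accept only a same-site absolute path such as /account/billing."""
    if not value.startswith("/"):
        return False  # rejects absolute URLs, relative paths and ""
    if value[1:2] in ("/", "\\"):
        return False  # "//host" and "/\host" are read as another host
    if "\\" in value or any(ord(c) < 0x20 for c in value):
        return False  # backslashes and tab/CR/LF are normalised by browsers
    return True


def redirect_local_only(params):
    """Fallback when a free-form return path is required."""
    value = params.get("next", "")
    return value if is_local_path(value) else DEFAULT_TARGET


if __name__ == "__main__":
    # Constructed request parameters.
    for nxt in ("billing", "https://attacker.example/login", "//attacker.example"):
        req = {"next": nxt}
        print(nxt, "->", redirect_uncontrolled(req),
              redirect_predefined(req), redirect_local_only(req))
```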
Threat
Anonymous attacker from the Internet.
Expected Remediation Time
⏱️ 30 minutes.
Rules
Http Open Redirect In Query Params
Php Insecure Redirect Untrusted Data
Python Unvalidated Redirect Param
Typescript Dom Open Redirect
Scala Spring Unsafe Open Redirect
Python Django Open Redirect
Java Unvalidated Forwards Use
Scala Use Unvalidated Forwards
Php Unsafe Open Redirect
Javascript Kony Url Injection
Python Fastapi Open Redirect
Go Unsafe Open Redirect
Typescript Kony Url Injection
Php Laravel Open Redirect
Typescript Express Open Redirect
Javascript Dom Open Redirect
Typescript Cordova Open Redirect
Scala Unsafe Open Redirect
Scala Spring Use Unvalidated Forwards
Python Starlette Open Redirect
Javascript Express Open Redirect
Java Insecure Redirect Untrusted Data
Javascript Cordova Open Redirect
Ruby Unsafe Open Redirect