Input Validation Checked by Vezraa

Open Redirect

A redirect endpoint that forwards users to arbitrary URLs without validation.

Open redirect vulnerabilities allow attackers to use your trusted domain in phishing URLs: the link shows yourdomain.com, but the user is redirected to evil.com. They are common in ?next=, ?redirect= and ?url= parameters. Validate redirect targets against an allowlist.
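One way to implement the allowlist check, as an added example that is not part of the original glossary entry. The function name, the allowlisted hosts and the "/" fallback are assumptions chosen for illustration, and the sample inputs are constructed.

```python
from urllib.parse import urlsplit

# Assumed allowlist for this example: the only hosts the app may redirect to.
ALLOWED_HOSTS = {"yourdomain.com", "app.yourdomain.com"}
DEFAULT_TARGET = "/"  # assumed safe fallback when the target is rejected


def safe_redirect_target(raw, allowed_hosts=ALLOWED_HOSTS, default=DEFAULT_TARGET):
    """Return raw if it is a same-site path or an allowlisted https URL, else default."""
    if not raw:
        return default
    # Browsers drop tabs/newlines and treat "\" like "/", so the URL the browser
    # follows can differ from the one parsed here. Reject backslashes, spaces and
    # control characters instead of trying to normalise them.
    if any(ch == "\\" or ord(ch) <= 0x20 or ord(ch) == 0x7F for ch in raw):
        return default
    try:
        parts = urlsplit(raw)
    except ValueError:
        return default
    # Same-site path: no scheme, no host, and exactly one leading slash
    # ("//host" and "///host" are not treated as local paths).
    if not parts.scheme and not parts.netloc:
        return raw if raw.startswith("/") and not raw.startswith("//") else default
    # Absolute URL: https only, no userinfo, exact host match (no suffix matching).
    if parts.scheme != "https":
        return default
    if parts.username is not None or parts.password is not None:
        return default
    host = parts.hostname
    if host is None or host.lower() not in allowed_hosts:
        return default
    return raw


if __name__ == "__main__":
    # Constructed sample values for a ?next= parameter.
    samples = [
        "/dashboard",
        "https://app.yourdomain.com/settings?tab=1",
        "https://evil.com/",
        "//evil.com/x",
        "https://yourdomain.com@evil.com/",
        "https://yourdomain.com.evil.com/",
        "javascript:alert(1)",
    ]
    for value in samples:
        print(f"{value!r:45} -> {safe_redirect_target(value)!r}")
```

Matching the parsed hostname exactly, rather than checking that the string starts with or contains the trusted domain, is what keeps look-alike hosts and userinfo tricks from passing the check.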
