Input Validation Checked by Vezraa
Open Redirect
A redirect endpoint that forwards users to arbitrary URLs without validation.
Open redirect vulnerabilities allow attackers to use your trusted domain in phishing URLs. The URL shows yourdomain.com but redirects to evil.com. Common in ?next=, ?redirect=, ?url= parameters. Validate redirect targets against an allowlist.