Description
This script is vulnerable to Cross Site Scripting (XSS) attacks.
Cross site scripting (also referred to as XSS) is a vulnerability that allows an attacker to send malicious code (usually in the form of Javascript) to another user.
The server opens arbitrary URLs and puts the content retrieved from the URL into the response without filtering.
Remediation
Your server side code should verify if the URL from the user input is allowed to be retrieved and displayed or filter the response from the URL according to the context in which it is displayed.
References
Acunetix Cross Site Scripting Attack
VIDEO: How Cross-Site Scripting (XSS) Works
Related Vulnerabilities
WordPress Plugin Related Posts for WordPress Cross-Site Scripting (1.8.1)
WordPress 6.0.x Cross-Site Scripting (6.0 - 6.0.7)
WordPress Plugin 404 to 301-Redirect, Log and Notify 404 Errors Cross-Site Scripting (2.3.1)
WordPress Plugin WP Easy Gallery 'select_gallery' Parameter Cross-Site Scripting (1.7)
WordPress Plugin AGP Font Awesome Collection Cross-Site Scripting (2.7.2)