Description

This script is possibly vulnerable to URL redirection attacks.

URL redirection is sometimes used as a part of phishing attacks that confuse visitors about which web site they are visiting.

Remediation

Your script should properly sanitize user input.

References

Unvalidated Redirects and Forwards Cheat Sheet

HTTP Response Splitting, Web Cache Poisoning Attacks, and Related Topics

Related Vulnerabilities

WordPress Plugin WooCommerce Open Redirect (3.7.0)

WordPress 4.4.x Multiple Vulnerabilities (4.4 - 4.4.1)

Drupal Core 7.x Open Redirect (7.0 - 7.40)

WordPress 4.8.x Multiple Vulnerabilities (4.8 - 4.8.13)

Liferay Portal URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2024-25608)

Severity

Medium

Classification

CWE-601 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

Tags

Url Redirection