Open Redirect

An open redirect occurs when an application redirects users to a destination taken from an unvalidated or weakly validated URL parameter. Attackers may abuse this behavior to make phishing links appear trusted, bypass security filters, steal credentials, or support social engineering campaigns. While the severity of an open redirect depends on context, it becomes more impactful when the redirect sits in a login flow, an OAuth redirect, a password reset link, a payment journey, or an enterprise authentication system.

Redirect URL Provided → URL Not Validated → User Sent to Malicious Site → Phishing Risk Created → Trusted Redirect Allowlist Applied
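The flow above ends with an allowlist check. The following Python code is an added example written for this page (not code from the original page or from any particular framework) that puts a naive redirect handler next to a hardened one. It assumes a hypothetical application whose allowed hosts are `example.com` and `www.example.com`; the sample `next` values in `main()` are constructed to show the parsing edge cases that break weak host checks (scheme-relative `//host`, `host@` userinfo, backslashes, lookalike subdomains, non-https schemes).

```python
from urllib.parse import urlsplit

# Constructed allowlist for a hypothetical application. Exact-match on the
# host; never substring or prefix-match ("example.com.evil.test" must fail).
ALLOWED_HOSTS = {"example.com", "www.example.com"}
DEFAULT_TARGET = "/"


def unsafe_redirect_target(next_param: str) -> str:
    """The vulnerable pattern: whatever arrives in ?next= is the Location header."""
    return next_param


def safe_redirect_target(next_param, default=DEFAULT_TARGET, allowed_hosts=ALLOWED_HOSTS):
    """Return a redirect destination that is either a same-site absolute path
    ("/account?x=1") or an https URL whose host is on the allowlist.
    Anything else, including parse ambiguities, falls back to `default`."""
    if not next_param:
        return default

    # Browsers treat "\" as "/" in URLs; fold it before parsing so
    # "/\evil.test" is seen as the scheme-relative "//evil.test" it really is.
    candidate = next_param.strip().replace("\\", "/")

    # Embedded whitespace or control characters make parsers disagree; refuse them.
    if any(ch.isspace() or ord(ch) < 0x20 for ch in candidate):
        return default

    parts = urlsplit(candidate)

    # Relative target: no scheme and no authority. Require exactly one leading
    # slash so "//evil.test" (scheme-relative, i.e. a different host) is rejected.
    if not parts.scheme and not parts.netloc:
        if candidate.startswith("/") and not candidate.startswith("//"):
            return candidate
        return default

    # Absolute target: only https, only allowlisted hosts, no userinfo.
    if parts.scheme.lower() != "https":
        return default
    if parts.username is not None or parts.password is not None:
        # "https://example.com@evil.test/" parses with hostname evil.test;
        # refusing userinfo outright avoids relying on that detail.
        return default
    host = parts.hostname  # already lowercased by urlsplit
    if host is None or host not in allowed_hosts:
        return default
    return candidate


def main():
    # Constructed sample inputs: (next parameter, expected safe result)
    samples = [
        ("/account?tab=1", "/account?tab=1"),
        ("https://www.example.com/checkout", "https://www.example.com/checkout"),
        ("https://EXAMPLE.com/", "https://EXAMPLE.com/"),
        ("//evil.test/login", DEFAULT_TARGET),
        ("/\\evil.test", DEFAULT_TARGET),
        ("https://example.com@evil.test/", DEFAULT_TARGET),
        ("https://example.com.evil.test/", DEFAULT_TARGET),
        ("http://example.com/", DEFAULT_TARGET),
        ("javascript:alert(1)", DEFAULT_TARGET),
        ("https:evil.test", DEFAULT_TARGET),
        ("", DEFAULT_TARGET),
    ]
    for value, expected in samples:
        got = safe_redirect_target(value)
        status = "ok " if got == expected else "BAD"
        print(f"{status} unsafe={unsafe_redirect_target(value)!r:40} safe={got!r}")


if __name__ == "__main__":
    main()
```

The hardened function prefers same-site paths and treats every ambiguous parse as a failure rather than trying to "clean" the value. Keep the allowlist to exact host matches, and log when the fallback fires: a burst of rejected `next` values is a cheap detection signal for someone probing the redirect.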