Open Redirection (DOM based)

Severity: Medium
Summary

Invicti detected a DOM based Open Redirection vulnerability. An open redirect occurs when a web page redirects the user to a URL on another domain based on user-controlled input.

Impact
An attacker can use this vulnerability to redirect users to other malicious websites, which can be used for phishing and similar attacks.
Remediation
  • Where possible, do not use users' input for URLs.
  • If you definitely need dynamic URLs, use whitelisting. Make a list of valid, accepted URLs and do not accept other URLs.
  • Ensure that you only accept URLs that are located on trusted domains.
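
The allowlist approach from the list above, as an added example that is not Invicti's own code: the redirect target is resolved the way the browser would resolve it, and only its final origin is compared against a fixed set. The origins, the fallback path and the "next" parameter name are assumptions made for illustration.

```javascript
// Added example: allowlist check for a redirect target taken from the page URL.
// ALLOWED_ORIGINS, FALLBACK_PATH and the "next" parameter are assumed values.
const ALLOWED_ORIGINS = new Set([
  "https://app.example.test",
  "https://login.example.test",
]);
const FALLBACK_PATH = "/";

// Returns an absolute URL that is safe to navigate to. Anything that does not
// resolve to an allowlisted origin is replaced by the page's own fallback.
function resolveRedirect(rawTarget, pageUrl) {
  const page = new URL(pageUrl);
  const fallback = new URL(FALLBACK_PATH, page.origin).href;
  if (typeof rawTarget !== "string" || rawTarget.trim() === "") return fallback;

  let target;
  try {
    // Resolving against the page URL means relative, protocol-relative and
    // absolute inputs are all judged by the origin the browser would load.
    target = new URL(rawTarget, page.href);
  } catch {
    return fallback; // not parseable as a URL
  }
  // Only web schemes are acceptable; other schemes have no usable origin.
  if (target.protocol !== "https:") return fallback;
  // Exact origin match (scheme + host + port), never a substring or prefix test.
  if (!ALLOWED_ORIGINS.has(target.origin)) return fallback;
  return target.href;
}

// Reads the user-controlled parameter and returns the validated destination.
function redirectFromQuery(pageUrl, paramName = "next") {
  const raw = new URL(pageUrl).searchParams.get(paramName);
  return resolveRedirect(raw, pageUrl);
}

// In a browser the validated value is the only thing passed to navigation:
//   window.location.assign(redirectFromQuery(window.location.href));
```

Comparing the parsed origin rather than searching the raw string for a trusted host name is what makes the check reliable.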