Open redirect is a vulnerability that occurs when an application can redirect the users to a URL contained within untrusted input. By modifying the untrusted input to a malicious site, an attacker may launch a phishing scam and steal user credentials.

Increased risk of data breaches, financial loss, and reputational harm. Eroding customer trust and confidence.