DOM-based (Document Object Model) open redirection occurs when a script writes controllable data into the target of a redirection in an unsafe way. An attacker can use this vulnerability to construct a custom URL that, when visited by another user of the application, causes a redirection to an external domain. This web application uses DOM input values to store the address of the page to which the client is to be redirected. An unvalidated redirection can occur when the attacker is able to modify the affected parameter value and thereby control the location of the redirection.
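The pattern described above, shown next to a validated version, as an added example that is not code from the application this page describes. The parameter name `next`, the function names and all URLs are assumptions constructed for illustration.

```javascript
// Added example. The "next" parameter and every URL used here are constructed.

// Vulnerable pattern: the value read from the DOM-controlled page URL is used
// as the redirect target unchanged (in a browser: location.href = target).
function unsafeRedirectTarget(pageUrl) {
  return new URL(pageUrl).searchParams.get("next");
}

// Validated pattern: resolve the value against the page URL, then accept only
// http(s) targets whose origin is the page's own or on an explicit allowlist.
function safeRedirectTarget(pageUrl, allowedOrigins = [], fallback = "/") {
  const page = new URL(pageUrl);
  const raw = page.searchParams.get("next");
  if (raw === null) return fallback;

  let target;
  try {
    // Resolving first means relative paths and protocol-relative values
    // ("//host/path") are judged by the origin the browser would really use.
    target = new URL(raw, page);
  } catch {
    return fallback; // unparseable value
  }

  // Rejects javascript:, data: and any other non-web scheme.
  if (target.protocol !== "https:" && target.protocol !== "http:") return fallback;

  const sameOrigin = target.origin === page.origin;
  return sameOrigin || allowedOrigins.includes(target.origin) ? target.href : fallback;
}

// Constructed sample inputs, returned as rows of [input, unsafe, safe].
function demo() {
  const base = "https://app.example/login?next=";
  return ["/account", "https://other.example/", "//other.example/x"].map((v) => [
    v,
    unsafeRedirectTarget(base + v),
    safeRedirectTarget(base + v),
  ]);
}

console.table(demo());
```

In a browser the page URL would come from `location.href`, and the value returned by `safeRedirectTarget` is what gets assigned to `location.href`.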
This vulnerability can have the following impacts:
This vulnerability can be fixed by: