If a URL pattern like yoursite.com/redirect?url=anywhere.com sends visitors straight to anywhere.com with no validation, attackers use it to construct phishing links that LOOK like they start on your trusted domain — the visitor sees your domain name right up until the moment they land somewhere malicious.
If a URL like yoursite.com/redirect?url=anywhere.com sends visitors straight to anywhere.com with no validation, attackers use it to make phishing links look like they start on your trusted domain.
No redirect endpoint on your site will send a visitor to an arbitrary external URL without validation against a known-safe allowlist.
Fix it, then re-scan — the check confirms itself. No manual checkbox, the scan is the truth.
Run this check in H.I.V.E. →