Open redirection or URL redirection vulnerabilities occur when a web application takes user-controllable input and uses it to perform a redirection, directing the user’s browser to visit a different URL than the one requested (the original domain).
These security vulnerabilities regularly are of much less interest to an attacker than cross-site scripting, which can be used to perform a much wider range of malicious actions. URL redirection issues are primarily of use in phishing attacks in which an attacker seeks to induce a victim to visit a spoofed website and enter sensitive details.
