| Details | |
|---|---|
| Alert ID | 210002-1 |
| Alert Type | Tool |
| Status | alpha |
| Risk | Low |
| CWE | 601 |
| WASC | |
| Technologies Targeted | All |
| Tags |
CWE-601 OWASP_2021_A01 OWASP_2025_A01 TOOL_PTK |
Summary
Tainted URL used in window.open (possible open redirect). Generated by OWASP PTK IAST Module
Solution
• Allow-list redirect targets and reject external/absolute URLs from untrusted input. • Map inputs to known routes instead of redirecting directly.Other Info
References
- https://owasp.org/www-community/attacks/Unvalidated_Redirects_and_Forwards_Cheat_Sheet
- https://cwe.mitre.org/data/definitions/601.html