This vulnerability occurs when a web application relies on the Referer header for redirection without proper validation, allowing attackers to manipulate it and redirect users to malicious websites.

Impact:

Phishing Attacks: Tricking users into visiting fake or malicious sites.
Malware Distribution: Redirecting users to pages hosting malicious software.
Session Hijacking: Exploiting trust to steal session tokens or sensitive data.
Loss of User Trust: Damaging the application's reputation due to unsafe redirects.

Mitigation: Validate and whitelist redirect URLs to ensure they are legitimate. Avoid using the Referer header for critical decisions.
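
The mitigation above as an added example (not part of the original write-up): the Referer-based redirect as described, beside a version that follows the header only when it parses to an http(s) URL on an allowlisted host. The host names, fallback path and function names are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumed allowlist for this example; use the application's own hosts.
ALLOWED_HOSTS = {"app.example.com", "www.example.com"}
FALLBACK = "/"  # fixed in-application landing page (assumed)


def redirect_from_referer_unsafe(referer):
    """The pattern described above: the header value is trusted as-is."""
    return referer or FALLBACK


def redirect_from_referer_safe(referer, allowed_hosts=ALLOWED_HOSTS):
    """Return the Referer only if it is an http(s) URL on an allowlisted host."""
    if not referer:
        return FALLBACK
    # Backslashes, whitespace and control characters are handled differently
    # by browsers and by URL parsers, so refuse them outright.
    if "\\" in referer or any(ord(c) <= 0x20 or ord(c) == 0x7F for c in referer):
        return FALLBACK
    try:
        parts = urlsplit(referer)
        parts.port  # accessing it raises ValueError on a malformed port
    except ValueError:
        return FALLBACK
    if parts.scheme not in ("http", "https"):
        return FALLBACK
    # "https://allowed-host@other-host/" puts the trusted name in userinfo.
    if parts.username is not None or parts.password is not None:
        return FALLBACK
    # Exact host match: no substring, prefix or suffix comparison.
    if (parts.hostname or "").lower() not in allowed_hosts:
        return FALLBACK
    return referer


if __name__ == "__main__":
    # Constructed sample header values.
    samples = [
        "https://app.example.com/account?tab=1",
        "https://evil.example.net/login",
        "https://app.example.com.evil.example.net/",
        "https://app.example.com@evil.example.net/",
        "//evil.example.net/path",
    ]
    for value in samples:
        print(f"{value!r:50} -> {redirect_from_referer_safe(value)!r}")
```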