This repository was archived by the owner on Dec 30, 2025. It is now read-only.
This repository was archived by the owner on Dec 30, 2025. It is now read-only.
Open redirect on the login page. #229
Description
The location redirect on the login page doesn't check whether the redirect is local and will send the user to any URL.
An example of the redirect is http://www.4clojure.com/login?location=http%3A%2F%2Fwww.google.com
To see more information about this vulnerability see the OWASP Top 10: https://www.owasp.org/index.php/Top_10_2010-A10