Arbitrary Page Redirects are possible when a web application could redirect the request to a URL contained within untrusted input. By modifying untrusted URL input to a malicious site, an attacker may launch a phishing scam and steal user credentials.


  • Visualforce page

  • Visualforce components

  • Apex controllers

Did this answer your question?