Arbitrary Page Redirects are possible when a web application could redirect the request to a URL contained within untrusted input. By modifying untrusted URL input to a malicious site, an attacker may launch a phishing scam and steal user credentials.


  • Visualforce page
  • Visualforce components
  • Apex controllers
Did this answer your question?