Unvalidated redirects and forwards, known as Open Redirect, are vulnerabilities in which an attacker redirects users from a trusted website to an untrusted one. The risk lies primarily in phishing attacks rather than in more severe threats. Although this vulnerability is uncommon, it is easy to exploit, which increases its potential for abuse, especially in social engineering attacks. Organizations like OWASP highlight its significance, but views differ: Google does not classify it as a vulnerability, while Facebook does and even offers bug bounties for its discovery. Detectify, a web security scanner, helps identify such vulnerabilities by running automated tests on websites for over 700 security issues, including the OWASP Top 10. Remediation strategies include avoiding redirects, not trusting user input for destination URLs, mapping inputs to server-stored values, implementing URL whitelists, or forcing user confirmation before leaving trusted sites.
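Two of the remediation strategies above, mapping inputs to server-stored values and a URL whitelist, sketched in Python as an added example that is not from the original page. The destination table, host names and function names are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed sample values; replace with the application's own.
DESTINATIONS = {"home": "/", "billing": "https://pay.example.com/invoices"}
ALLOWED_HOSTS = {"www.example.com", "pay.example.com"}
FALLBACK = "/"


def by_key(key):
    """Mapping strategy: the request carries a key, never a URL."""
    return DESTINATIONS.get(key, FALLBACK)


def is_safe_target(url):
    """Whitelist strategy: accept local paths or https URLs on allowed hosts."""
    if not url or url != url.strip():
        return False
    # Browsers treat "\" like "/" and drop control characters, so reject both.
    if "\\" in url or any(ord(c) < 0x20 or ord(c) == 0x7F for c in url):
        return False
    try:
        parts = urlsplit(url)
    except ValueError:
        return False
    if not parts.scheme and not parts.netloc:
        # Relative reference: only a single-slash absolute path stays on-site.
        return url.startswith("/") and not url.startswith("//")
    if parts.scheme != "https":
        return False
    # .hostname drops userinfo and port and is lowercased, so
    # "allowed-host@other-host" is compared as "other-host".
    return parts.hostname in ALLOWED_HOSTS


def resolve(url):
    """Return the URL to redirect to, falling back to a fixed local page."""
    return url if is_safe_target(url) else FALLBACK
```

Comparing the parsed host for exact membership, rather than checking the raw string with a prefix or substring test, is what keeps look-alike hosts out of the whitelist.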