[https://█████████/]&&[https://█████████/] Open Redirection
Medium
Lyst
Reported by
mandark
Vulnerability Details
Technical details and impact analysis
***Summary***
Hi Team,
An attacker can redirect a victim to an external website using the ``https://████/account/login`` endpoint because the ``next`` parameter is not validated properly.
***Affected URL***
`https://███/account/login/?next=///////////////////////////evil.com`
***Steps to Reproduce***
1) Go to https://████/account/login/?next=%2Fapp%2F.
2) Add this payload `////////////////////////////evil.com` to the `?next=` parameter.
3) Register an account in the normal way.
4) You will be redirected to the evil.com website.
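The root cause described above is that a check of the form "no scheme and no host, therefore the target is local" accepts a path made of many leading slashes, which browsers collapse into a protocol-relative URL. The following validator is an added example written for this page; it is not Lyst's code, and the host name `app.example.test`, the default path `/app/` and the function names are constructed assumptions. It shows the naive check passing the reported payload beside a stricter check that refuses it.

```python
"""Added example (not Lyst's code): validating a ``next`` redirect target
so that protocol-relative payloads such as ``///////evil.com`` are refused.

Assumptions (not from the report): the application only ever wants to
redirect back to its own site, and ``app.example.test`` is a constructed
stand-in for the redacted host.
"""
from urllib.parse import urlsplit

# Constructed example host and fallback path; the real ones are redacted.
ALLOWED_HOST = "app.example.test"
DEFAULT_NEXT = "/app/"


def naive_is_local(next_url: str) -> bool:
    """The kind of check that lets the reported payload through.

    urlsplit() parses '///evil.com' as netloc='' and path='/evil.com', so a
    'no scheme, no host, therefore local' test accepts it, while a browser
    collapses the leading slashes and follows //evil.com.
    """
    parts = urlsplit(next_url)
    return parts.scheme == "" and parts.netloc == ""


def is_safe_next(next_url: str, allowed_host: str = ALLOWED_HOST) -> bool:
    """Return True only for a same-site redirect target.

    Rejects empty values and values containing whitespace or control
    characters, backslashes (browsers treat '\\' as '/'), any scheme other
    than http(s), any host other than the allowed one, scheme-without-host
    forms such as 'https:evil.com', and anything beginning with '//'
    (protocol-relative), which covers '///////evil.com' however many
    slashes are used.
    """
    if not next_url or any(c.isspace() or ord(c) < 0x20 for c in next_url):
        return False
    # Normalise backslashes first: '/\\evil.com' is '//evil.com' to a browser.
    candidate = next_url.replace("\\", "/")
    if candidate.startswith("//"):
        return False
    parts = urlsplit(candidate)
    if parts.scheme and parts.scheme.lower() not in ("http", "https"):
        return False
    if parts.scheme and not parts.netloc:
        return False
    if parts.netloc and parts.netloc.lower() != allowed_host:
        return False
    return True


def resolve_next(next_url: str) -> str:
    """Pick the target a login handler should actually redirect to."""
    return next_url if is_safe_next(next_url) else DEFAULT_NEXT


if __name__ == "__main__":
    payload = "///////////////////////////evil.com"  # payload from the report
    print("naive check accepts payload:", naive_is_local(payload))
    print("strict check accepts payload:", is_safe_next(payload))
    print("login handler would redirect to:", resolve_next(payload))
```

Comparing a parsed host against an allow-list is not enough on its own; the `startswith("//")` test after backslash normalisation is the part that closes the many-slashes case, and the default path is the only fallback when the value is rejected.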
***POC***
{F467696}
***References***
* https://hackerone.com/reports/347645
* https://hackerone.com/reports/125003
* https://hackerone.com/reports/411723
## Impact
* Open redirects allow a malicious attacker to redirect people unknowingly to a malicious website.
* Simplifies phishing attacks.
Report Details
Additional information and metadata
State
Closed
Substate
Resolved
Weakness
Open Redirect