This vulnerability occurs when an application accepts untrusted input that has an URL value without sanitizing it. Without proper validation, attackers can redirect victims to phishing or malware sites, or use forwards to use unauthorized pages. Developers can prevent the weakness by approving client input and confirming the URL being referred to is really an endorsed target URL. For every use, distinguish if the objective URL is incorporated into any parameter values. Provided that this is true, if the. objective URL isnt approved against a white list, you are vulnerable.”]
Source: https://gbhackers.com/owasp-a10-unvalidated-redirects-forwards/