Discovered almost 5 years ago
Source: static code analysis
Category: Redirect
Confidence level: High

Problem

Possible unprotected redirect

Location

app/controllers/tags_controller.rb:295

redirect_to("#{Discourse.base_uri}/tags#{Permalink.find_by_url(("c/#{params[:parent_category]}/#{params[:category]}" or "c/#{params[:category]}")).target_url}/#{params[:tag_id]}", :status => :moved_permanently)

Category description: Sometimes redirect_to can be used with a user-supplied value that may allow the attacker to change the :host option and load a malicious script from a third party website.

Solution: fix the issue in app/controllers/tags_controller.rb or mark it as false positive.