An open redirect occurs when your application redirects the user to a URL supplied from an untrusted source, without checking the validity of that URL.
Open redirects are often used in phishing attacks - attacks where malicious links are sent out in emails, in an attempt to trick users into visiting a harmful site.
By sending out a link that points to your website but immediately redirects to a malicious site, attackers can circumvent anti-phishing measures put in place by email providers.
This kind of attack can damage the trust your users have in your site since you appear to be the malicious actor. Let's see how the attack works.
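As an added example in Python (not code from the original page), here is the vulnerable pattern, a handler that copies the untrusted `next` value straight into the redirect target, beside a validating version that only accepts same-site relative paths or allow-listed hosts; the allow-list, the parameter name and the fallback path are assumptions made for this example.

```python
from urllib.parse import urlparse

# Constructed for this example: the only hosts we are willing to redirect to.
ALLOWED_HOSTS = {"example.com", "www.example.com"}
FALLBACK = "/"  # where to send the user when the requested target is rejected


def unsafe_redirect_target(next_url: str) -> str:
    """Vulnerable: the untrusted 'next' parameter becomes the Location header unchanged."""
    return next_url


def is_safe_redirect(next_url: str, allowed_hosts=ALLOWED_HOSTS) -> bool:
    """Return True only for a same-site relative path or an allow-listed absolute URL."""
    if not next_url:
        return False
    # Browsers treat backslashes like forward slashes, so normalise before parsing;
    # otherwise "/\evil.example" would parse as a harmless-looking relative path.
    candidate = next_url.replace("\\", "/")
    parsed = urlparse(candidate)
    # Reject non-web schemes such as javascript: or data:.
    if parsed.scheme and parsed.scheme not in ("http", "https"):
        return False
    # No scheme and no host: a relative path. It must start with exactly one "/",
    # because "//evil.example" is a protocol-relative URL pointing off-site.
    if not parsed.scheme and not parsed.netloc:
        return candidate.startswith("/") and not candidate.startswith("//")
    # Absolute URL: the parsed hostname (lower-cased, userinfo and port stripped)
    # must be on the allow-list. Substring checks would accept example.com.evil.example.
    return parsed.hostname in allowed_hosts


def safe_redirect_target(next_url: str) -> str:
    """Hardened: redirect only to validated targets, otherwise fall back to a safe default."""
    return next_url if is_safe_redirect(next_url) else FALLBACK


if __name__ == "__main__":
    for url in ["/account", "//evil.example/", "https://example.com/login",
                "https://user@example.com@evil.example/", "javascript:alert(1)"]:
        print(f"{url!r:45} unsafe -> {unsafe_redirect_target(url)!r:40} safe -> {safe_redirect_target(url)!r}")
```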