A web application has a redirection weakness if it takes user input without sufficient sanitization to redirect the user to another resource. This kind of weakness does not harm the application itself. However a phisher may use this to obscure the actual target of a link.