An Open Redirect vulnerability enables an attacker to redirect victims to malicious websites.
The bug exists due to an improper fix of https://huntr.dev/bounties/c9d586e7-0fa1-47ab-a2b3-b890e8dc9b25/.
By adding an extra slash (/), the previous fix can be bypassed.
Visit https://demo.microweber.org/demo/api/logout?redirect_to=https:///evil.com
The above URL will redirect you to evil.com.
This issue can be leveraged for phishing attacks.
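
A defensive check for the redirect_to parameter, as an added example that is not Microweber's code or its fix: it parses the value with the WHATWG URL parser, which, like a browser, reads https:///evil.com as host evil.com, and allows only same-origin targets. The names SITE_ORIGIN, FALLBACK and safeRedirectTarget are assumptions made for illustration.

```javascript
// Added example: same-origin validation for a redirect_to parameter.
// SITE_ORIGIN and FALLBACK are assumed values for illustration.
const SITE_ORIGIN = "https://demo.microweber.org";
const FALLBACK = "/";

// Returns a same-origin path (with query and fragment) that is safe to put
// in a Location header, or FALLBACK when the input points anywhere else.
function safeRedirectTarget(redirectTo) {
  if (typeof redirectTo !== "string" || redirectTo === "") return FALLBACK;

  // Browsers rewrite backslashes and drop some control characters before
  // parsing, so reject them instead of guessing how they will be read.
  if (/[\u0000-\u001f\u007f\\]/.test(redirectTo)) return FALLBACK;

  let url;
  try {
    // The WHATWG parser skips extra slashes after a special scheme, so
    // "https:///evil.com" and "///evil.com" both yield host "evil.com".
    url = new URL(redirectTo, SITE_ORIGIN);
  } catch {
    return FALLBACK;
  }

  // Compare the full origin (scheme, host, port), not a prefix or substring.
  if (url.origin !== SITE_ORIGIN) return FALLBACK;

  // Re-emit only path, query and fragment so the response never carries a
  // caller-supplied scheme or host.
  return url.pathname + url.search + url.hash;
}

// Constructed sample inputs and the value each one resolves to.
const samples = [
  "https:///evil.com",
  "//evil.com",
  "https://demo.microweber.org.evil.com/",
  "/admin?tab=1",
  "https://demo.microweber.org/demo/",
];
for (const s of samples) {
  console.log(JSON.stringify(s), "->", safeRedirectTarget(s));
}
```

Comparing the parsed origin avoids relying on string patterns such as "starts with https://", which is the kind of check an extra slash can slip past.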