An open redirect issue exists in OPNsense up to and including 20.1.5. The redirect parameter "url" in login page was not filtered and can redirect user to any website.
opnsense opnsense