diff --git a/app/auth/views/fido.py b/app/auth/views/fido.py
index 4258870f..eba5ea5c 100644
--- a/app/auth/views/fido.py
+++ b/app/auth/views/fido.py
@@ -23,6 +23,7 @@ from app.db import Session
 from app.extensions import limiter
 from app.log import LOG
 from app.models import User, Fido, MfaBrowser
+from app.utils import sanitize_next_url
 class FidoTokenForm(FlaskForm):
@@ -54,7 +55,7 @@ def fido():
 auto_activate = True
 fido_token_form = FidoTokenForm()
- next_url = request.args.get("next")
+ next_url = sanitize_next_url(request.args.get("next"))
 if request.cookies.get("mfa"):
 browser = MfaBrowser.get_by(token=request.cookies.get("mfa"))
diff --git a/app/auth/views/github.py b/app/auth/views/github.py
index abc2df2b..3f272a32 100644
--- a/app/auth/views/github.py
+++ b/app/auth/views/github.py
@@ -7,7 +7,7 @@ from app.config import GITHUB_CLIENT_ID, GITHUB_CLIENT_SECRET, URL
 from app.db import Session
 from app.log import LOG
 from app.models import User, SocialAuth
-from app.utils import encode_url, sanitize_email
+from app.utils import encode_url, sanitize_email, sanitize_next_url
 _authorization_base_url = "https://github.com/login/oauth/authorize"
 _token_url = "https://github.com/login/oauth/access_token"
@@ -19,7 +19,7 @@ _redirect_uri = URL + "/auth/github/callback"
 @auth_bp.route("/github/login")
 def github_login():
- next_url = request.args.get("next")
+ next_url = sanitize_next_url(request.args.get("next"))
 if next_url:
 redirect_uri = _redirect_uri + "?next=" + encode_url(next_url)
 else:
@@ -97,6 +97,6 @@ def github_callback():
 Session.commit()
 # The activation link contains the original page, for ex authorize page
- next_url = request.args.get("next") if request.args else None
+ next_url = sanitize_next_url(request.args.get("next")) if request.args else None
 return after_login(user, next_url)
diff --git a/app/auth/views/mfa.py b/app/auth/views/mfa.py
index b9f0214a..af915134 100644
--- a/app/auth/views/mfa.py
+++ b/app/auth/views/mfa.py
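Review bot: The `if request.args else None` guard on the new github_callback line `next_url = sanitize_next_url(request.args.get("next")) if request.args else None` is redundant, since `request.args.get("next")` already yields None on an empty args mapping, and it makes this the only call site that never passes None into sanitize_next_url; the fido, mfa, recovery and enter_sudo hunks all call it unguarded. Either sanitize_next_url accepts None (its body is not in this diff, so that is worth confirming before merge) or those other sites need the same guard. Simplify to `next_url = sanitize_next_url(request.args.get("next"))` so all six call sites share one shape and the None contract is exercised everywhere. github_callback's body starts outside the hunk.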
@@ -19,6 +19,7 @@ from app.db import Session
 from app.email_utils import send_invalid_totp_login_email
 from app.extensions import limiter
 from app.models import User, MfaBrowser
+from app.utils import sanitize_next_url
 class OtpTokenForm(FlaskForm):
@@ -48,7 +49,7 @@ def mfa():
 return redirect(url_for("auth.login"))
 otp_token_form = OtpTokenForm()
- next_url = request.args.get("next")
+ next_url = sanitize_next_url(request.args.get("next"))
 if request.cookies.get("mfa"):
 browser = MfaBrowser.get_by(token=request.cookies.get("mfa"))
diff --git a/app/auth/views/recovery.py b/app/auth/views/recovery.py
index 31a9ebcd..9e620e9f 100644
--- a/app/auth/views/recovery.py
+++ b/app/auth/views/recovery.py
@@ -11,6 +11,7 @@ from app.email_utils import send_invalid_totp_login_email
 from app.extensions import limiter
 from app.log import LOG
 from app.models import User, RecoveryCode
+from app.utils import sanitize_next_url
 class RecoveryForm(FlaskForm):
@@ -37,7 +38,7 @@ def recovery_route():
 return redirect(url_for("auth.login"))
 recovery_form = RecoveryForm()
- next_url = request.args.get("next")
+ next_url = sanitize_next_url(request.args.get("next"))
 if recovery_form.validate_on_submit():
 code = recovery_form.code.data
diff --git a/app/dashboard/views/enter_sudo.py b/app/dashboard/views/enter_sudo.py
index 6d388bdf..d45f5c00 100644
--- a/app/dashboard/views/enter_sudo.py
+++ b/app/dashboard/views/enter_sudo.py
@@ -8,6 +8,7 @@ from wtforms import PasswordField, validators
 from app.dashboard.base import dashboard_bp
 from app.log import LOG
+from app.utils import sanitize_next_url
 _SUDO_GAP = 900
@@ -28,7 +29,7 @@ def enter_sudo():
 session["sudo_time"] = int(time())
 # User comes to sudo page from another page
- next_url = request.args.get("next")
+ next_url = sanitize_next_url(request.args.get("next"))
 if next_url:
 LOG.d("redirect user to %s", next_url)
 return redirect(next_url)
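Review bot: In the enter_sudo hunk, a supplied `next` that sanitize_next_url rejects is dropped silently: the new line `next_url = sanitize_next_url(request.args.get("next"))` feeds `if next_url:`, so the request falls through with no record that a redirect target was refused on the sudo page, which is exactly the event a defender would want to see. Keep the raw value alongside the sanitized one and log the discrepancy, e.g. `raw_next = request.args.get("next")`, `next_url = sanitize_next_url(raw_next)`, `if raw_next and raw_next != next_url: LOG.d("rejected next url %s", raw_next)`, before the existing `if next_url:` branch. This presumes sanitize_next_url returns None or an altered value on rejection, which this diff does not show. enter_sudo's body starts outside the hunk.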
diff --git a/app/oauth/views/authorize.py b/app/oauth/views/authorize.py
index 49941836..3e41a6e8 100644
--- a/app/oauth/views/authorize.py
+++ b/app/oauth/views/authorize.py
@@ -30,7 +30,7 @@ from app.oauth_models import (
 SUPPORTED_OPENID_FLOWS_STR,
 response_types_to_str,
 )
-from app.utils import random_string, encode_url
+from app.utils import random_string, encode_url, sanitize_next_url
 @oauth_bp.route("/authorize", methods=["GET", "POST"])
@@ -45,7 +45,7 @@ def authorize():
 oauth_client_id = request.args.get("client_id")
 state = request.args.get("state")
 scope = request.args.get("scope")
- redirect_uri = request.args.get("redirect_uri")
+ redirect_uri = sanitize_next_url(request.args.get("redirect_uri"))
 response_mode = request.args.get("response_mode")
 nonce = request.args.get("nonce")
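Review bot: Applying sanitize_next_url to the OAuth `redirect_uri` on the new line `redirect_uri = sanitize_next_url(request.args.get("redirect_uri"))` conflates two different controls: `next` is a same-site return path, whereas an OAuth client's redirect_uri is legitimately an absolute URL on the client's own host. If sanitize_next_url strips or rejects off-site URLs, as its use on `next` in the other files suggests, every third-party client's redirect will be altered before it can be compared with the client's registered URIs, and the correct protection for redirect_uri is that exact-match comparison against the registered values (RFC 6749 §3.1.2), which presumably happens further down in authorize(), outside this hunk. Suggest reverting this line to `redirect_uri = request.args.get("redirect_uri")` and relying on the registration check, or confirming that sanitize_next_url passes absolute URLs through unchanged before merging. authorize()'s body continues outside the hunk.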