Open redirects, just as the name suggests, essentially redirect the user to a random website. These are also often referred to as Cross-Site Redirects (XSR) and they happen via your web application's URL.

Once a hacker is successful with a redirect, they can use it for a host of attacks, including spam and phishing. A hacker could also ride on your web application to serve malware to others. 

XSR threats have more affinity toward web apps that make use of URL redirects through query strings and/or data in the form of an HTTP request.