If no validation is applied, a malicious user could create a hyperlink to redirect your users to an unvalidated malicious website, for example: ASP .NET MVC 1 & 2 websites are particularly vulnerable ...