diff --git a/typo3/sysext/felogin/Classes/Controller/LoginController.php b/typo3/sysext/felogin/Classes/Controller/LoginController.php
index 9e4289d3397cbdddc562a16c3fbe1430cd0ca177..80105916dfb25673092fd43e86ec717143daeb95 100644
--- a/typo3/sysext/felogin/Classes/Controller/LoginController.php
+++ b/typo3/sysext/felogin/Classes/Controller/LoginController.php
@@ -31,6 +31,7 @@ use TYPO3\CMS\FrontendLogin\Event\LogoutConfirmedEvent;
 use TYPO3\CMS\FrontendLogin\Event\ModifyLoginFormViewEvent;
 use TYPO3\CMS\FrontendLogin\Redirect\RedirectHandler;
 use TYPO3\CMS\FrontendLogin\Service\UserService;
+use TYPO3\CMS\FrontendLogin\Validation\RedirectUrlValidator;
 
 /**
  * Used for plugin login
@@ -52,6 +53,7 @@ class LoginController extends AbstractLoginFormController
     public function __construct(
         protected RedirectHandler $redirectHandler,
         protected UserService $userService,
+        protected RedirectUrlValidator $redirectUrlValidator,
         protected Context $context
     ) {
         $this->userAspect = $context->getAspect('frontend.user');
@@ -107,7 +109,7 @@ class LoginController extends AbstractLoginFormController
                 'permaloginStatus' => $this->getPermaloginStatus(),
                 'redirectURL' => $this->redirectHandler->getLoginFormRedirectUrl($this->request, $this->configuration, $this->isRedirectDisabled()),
                 'redirectReferrer' => $this->request->hasArgument('redirectReferrer') ? (string)$this->request->getArgument('redirectReferrer') : '',
-                'referer' => (string)($this->request->getParsedBody()['referer'] ?? $this->request->getQueryParams()['referer'] ?? ''),
+                'referer' => $this->getRefererForLoginForm(),
                 'noRedirect' => $this->isRedirectDisabled(),
                 'requestToken' => RequestToken::create('core/user-auth/fe')
                     ->withMergedParams(['pid' => implode(',', $this->getStorageFolders())]),
@@ -168,6 +170,32 @@ class LoginController extends AbstractLoginFormController
         return $this->htmlResponse();
     }
 
+    /**
+     * Determines the `referer` variable used in the login form for loginMode=referer depending on the
+     * following evaluation order:
+     *
+     * - HTTP POST parameter `referer`
+     * - HTTP GET parameter `referer`
+     * - HTTP_REFERER
+     *
+     * The evaluated `referer` is only returned, if it is considered as valid.
+     */
+    protected function getRefererForLoginForm(): string
+    {
+        $referer = (string)(
+            $this->request->getParsedBody()['referer'] ??
+            $this->request->getQueryParams()['referer'] ??
+            $this->request->getServerParams()['HTTP_REFERER'] ??
+            ''
+        );
+
+        if ($this->redirectUrlValidator->isValid($this->request, $referer)) {
+            return $referer;
+        }
+
+        return '';
+    }
+
     /**
      * Handles the redirect when $this->redirectUrl is not empty
      */
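Review bot: The `(string)` cast in `getRefererForLoginForm()` is applied to whatever type the request delivers, so a `referer` parameter submitted as an array is turned into the literal string `Array` (with an "Array to string conversion" warning) before it reaches `isValid()`. Resolving the candidate into a variable first and then using `$referer = is_string($candidate) ? $candidate : '';` would reject non-string input explicitly instead of relying on the validator to refuse it. Separately, `??` only falls through on null, so an empty POST `referer` stops the chain and the GET parameter and `HTTP_REFERER` are never consulted. If that is intended, the docblock's evaluation order should say "first parameter that is present" rather than imply the first non-empty one. The docblock could also name `RedirectUrlValidator::isValid()` as the check behind "considered as valid", since its rules are not visible from this method.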
diff --git a/typo3/sysext/felogin/Classes/Redirect/RedirectModeHandler.php b/typo3/sysext/felogin/Classes/Redirect/RedirectModeHandler.php
index 0f0fa3f5680fa58dbb38a1104bf1b7fc52a0f777..3a9e7e07b6d44a0b0201b9d8d1f8bb6272f31a01 100644
--- a/typo3/sysext/felogin/Classes/Redirect/RedirectModeHandler.php
+++ b/typo3/sysext/felogin/Classes/Redirect/RedirectModeHandler.php
@@ -186,9 +186,6 @@ class RedirectModeHandler
     {
         $referer = '';
         $requestReferer = (string)($request->getParsedBody()['referer'] ?? $request->getQueryParams()['referer'] ?? '');
-        if ($requestReferer === '') {
-            $requestReferer = $request->getServerParams()['HTTP_REFERER'] ?? '';
-        }
 
         if ($this->redirectUrlValidator->isValid($request, $requestReferer)) {
             $referer = $requestReferer;