CVE-2023-49438

Severity: MEDIUM
WAF: Medium
CVSS: 6.1
Published: 2023-12-26
CWE-601

An open redirect vulnerability in the Python package Flask-Security-Too <=5.3.2 allows attackers to redirect unsuspecting users to malicious sites via a crafted URL by abusing the `?next` parameter on the `/login` and `/register` routes.

WAF Coverage Analysis

Open Redirect: Medium WAF Coverage

OWASP: A01:2021 Broken Access Control

941xxx - XSS / XXE

Affected Software

Vendor | Product | Version
flask-security-too_project | flask-security-too | up to 5.3.2
