Python Flask-Security-Too <=5.3.2 - Open Redirect

An open redirect vulnerability exists in the python package Flask-Security-Too prior to version 5.3.3. Attackers can abuse the 'next' parameter on the /login and /register routes to redirect unsuspecting users to malicious sites via crafted URLs, which could lead to phishing or other attacks NVD...

DRUPAL-CONTRIB-2026-008

The Login Disable module prevents users from logging in to your Drupal site unless they know the access key to add to the end of the login form page. default: If they provide the access key and have a specific role they can log in. The module does not check for the access key when using the HTTP...

PT-2026-6344

The Login Disable module prevents users from logging in to your Drupal site unless they know the access key to add to the end of the login form page. default: If they provide the access key and have a specific role they can log in. The module does not check for the access key when using the HTTP...

Cross site scripting in opencart

This affects versions of the package opencart/opencart from 4.0.0.0. A reflected XSS issue was identified in the redirect parameter of customer account/login route. An attacker can inject arbitrary HTML and Javascript into the page response. As this vulnerability is present in the account...

SUSE CVE-2023-49438

An open redirect vulnerability in the python package Flask-Security-Too =5.3.2 allows attackers to redirect unsuspecting users to malicious sites via a crafted URL by abusing the ?next parameter on the /login and /register routes...

GHSA-672H-6X89-76M5 Open redirect vulnerability in Flask-Security-Too

An open redirect vulnerability in the python package Flask-Security-Too =2.1.0 the autocorrectlocationheader configuration was changed to False - which means that location headers in redirects are relative by default. Thus, this issue may impact applications that were previously not impacted, if...

CVE-2023-49438

An open redirect vulnerability in the python package Flask-Security-Too =5.3.2 allows attackers to redirect unsuspecting users to malicious sites via a crafted URL by abusing the ?next parameter on the /login and /register routes...

PT-2023-8085

Name of the Vulnerable Software and Affected Versions Flask-Security-Too versions =2.1.0 may impact applications that were previously not affected, as the autocorrect location header configuration was changed to False, making location headers in redirects relative by default. Recommendations For...