Lucene search
K

100 matches found

OSV
OSV
added 2023/12/27 12:30 a.m.16 views

GHSA-672H-6X89-76M5 Open redirect vulnerability in Flask-Security-Too

An open redirect vulnerability in the python package Flask-Security-Too =2.1.0 the autocorrectlocationheader configuration was changed to False - which means that location headers in redirects are relative by default. Thus, this issue may impact applications that were previously not impacted, if...

6.1CVSS6AI score0.01079EPSS
Exploits1References6
NVD
NVD
added 2023/12/26 10:15 p.m.27 views

CVE-2023-49438

An open redirect vulnerability in the python package Flask-Security-Too =5.3.2 allows attackers to redirect unsuspecting users to malicious sites via a crafted URL by abusing the ?next parameter on the /login and /register routes...

6.1CVSS0.01079EPSS
Exploits1References4
PyPA
PyPA
added 2023/12/26 10:15 p.m.6 views

PYSEC-2023-248

An open redirect vulnerability in the python package Flask-Security-Too =5.3.2 allows attackers to redirect unsuspecting users to malicious sites via a crafted URL by abusing the ?next parameter on the /login and /register routes...

6.1CVSS6.8AI score0.01079EPSS
Exploits1References5Affected Software1
Cvelist
Cvelist
added 2023/12/26 12:0 a.m.30 views

CVE-2023-49438

An open redirect vulnerability in the python package Flask-Security-Too =5.3.2 allows attackers to redirect unsuspecting users to malicious sites via a crafted URL by abusing the ?next parameter on the /login and /register routes...

6.2AI score0.01079EPSS
Exploits1References3
CNNVD
CNNVD
added 2023/12/26 12:0 a.m.3 views

Flask Middleware Flask-security Security Vulnerabilities

Flask Middleware Flask-security is a Python-based codebase from the Flask Middleware organization that provides security features for Flask applications. Flask Middleware Flask-security A security vulnerability exists in Flask-Security-Too 5.3.2 and earlier versions that originates from a...

6.1CVSS6.5AI score0.01079EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2023/12/15 12:0 a.m.5 views

PT-2023-8085

Name of the Vulnerable Software and Affected Versions Flask-Security-Too versions =2.1.0 may impact applications that were previously not affected, as the autocorrect location header configuration was changed to False, making location headers in redirects relative by default. Recommendations For...

6.4CVSS6.6AI score0.01079EPSS
Exploits1References26
ATTACKERKB
ATTACKERKB
added 2023/12/09 7:15 a.m.3 views

CVE-2023-28874

The next parameter in the /accounts/login endpoint of Seafile 9.0.6 allows attackers to redirect users to arbitrary sites...

6.1CVSS6AI score0.00451EPSS
Exploits1References3
OSV
OSV
added 2023/09/19 1:16 p.m.3 views

CVE-2023-23957

An authenticated user can see and modify the value for ‘next’ query parameter in Symantec Identity Portal 14.4...

5.4CVSS5.8AI score0.00272EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2023/02/15 3:51 a.m.2 views

SUSE CVE-2020-29565

An issue was discovered in OpenStack Horizon before 15.3.2, 16.x before 16.2.1, 17.x and 18.x before 18.3.3, 18.4.x, and 18.5.x. There is a lack of validation of the "next" parameter, which would allow someone to supply a malicious URL in Horizon that can cause an automatic redirect to the provid...

6.1CVSS6.9AI score0.014EPSS
Exploits1References4
SUSE CVE
SUSE CVE
added 2023/02/15 3:41 a.m.1 views

SUSE CVE-2021-32618

The Python "Flask-Security-Too" package is used for adding security features to your Flask application. It is an is an independently maintained version of Flask-Security based on the 3.0.0 version of Flask-Security. All versions of Flask-Security-Too allow redirects after many successful views e....

6.1CVSS6.7AI score0.03289EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2022/09/13 9:15 p.m.1 views

CVE-2022-39814

In NOKIA 1350 OMS R14.2, an Open Redirect vulnerability occurs is the login page via next HTTP GET parameter...

6.1CVSS5.8AI score0.00365EPSS
Exploits0References2
OSV
OSV
added 2022/09/13 9:15 p.m.4 views

CVE-2022-39814

In NOKIA 1350 OMS R14.2, an Open Redirect vulnerability occurs is the login page via next HTTP GET parameter...

6.1CVSS5.8AI score0.00365EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2022/09/11 12:0 a.m.6 views

PT-2022-17191 · Gophish · Gophish

Name of the Vulnerable Software and Affected Versions: gophish versions prior to 0.12.0 Description: The issue exists in the next query parameter, where the application uses url.Parser.FormValue"next" to extract the path and redirect the user to a relative URL. However, if the next parameter star...

5.4CVSS6.8AI score0.00542EPSS
Exploits1References11
Huntr
Huntr
added 2022/07/11 3:37 p.m.194 views

Open redirect when login successfully

Description Open redirect when login successfully via next parameter Proof of Concept POST /login?next=https://www.google.com/open-redirect HTTP/2 Host: book.dansmonorage.blue Cookie: csrftoken=EUjtgvt3A20lSHYbTxBvfAxQi5gNHHzeI7Bda1HOGnWCioMA6cwQqYWXv8ONog4k User-Agent: Mozilla/5.0 Windows NT 10....

1.9AI score
Exploits0References1
OSV
OSV
added 2022/06/09 4:15 a.m.3 views

CVE-2022-32195

Open edX platform before 2022-06-06 allows XSS via the "next" parameter in the logout URL...

6.1CVSS5.8AI score0.02301EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2022/06/09 4:15 a.m.1 views

CVE-2022-32195

Open edX platform before 2022-06-06 allows XSS via the "next" parameter in the logout URL...

6.1CVSS5.2AI score0.02301EPSS
Exploits0References4
OSV
OSV
added 2022/05/17 2:53 a.m.16 views

GHSA-J6JQ-3Q8P-XGG6 Netflix Security Monkey Open Redirect vulnerability

Netflix Security Monkey before 0.8.0 has an Open Redirect. The logout functionality accepted the "next" parameter which then redirects to any domain irrespective of the Host header...

6.1CVSS6.2AI score0.00957EPSS
Exploits0References6
Snyk
Snyk
added 2022/02/17 7:58 a.m.3 views

Open Redirect

Overview github.com/gophish/gophish/controllers is a package middleware is responsible for the definition/​implementation of middleware functionality. Affected versions of this package are vulnerable to Open Redirect. The Open Redirect vulnerability exists in the next query parameter. The...

5.4CVSS6.8AI score0.00542EPSS
Exploits1References2
Snyk
Snyk
added 2022/02/17 7:58 a.m.2 views

Open Redirect

Amendment This was deemed not a vulnerability. Overview Affected versions of this package are vulnerable to Open Redirect. The Open Redirect vulnerability exists in the next query parameter. The application uses url.Parser.FormValue"next" to extract path and eventually redirect user to a relative...

5.4CVSS6.7AI score0.00542EPSS
Exploits1References2
OSV
OSV
added 2021/12/14 6:14 p.m.2 views

GHSA-GXJJ-F44V-QM94 Open Redirect in Flask-Security-Too

Withdrawn Duplicate of GHSA-6qmf-fj6m-686c Original description Flask-Security-Too allows redirects after many successful views e.g. /login by honoring the ?next query param. There is code in FS to validate that the url specified in the next parameter is either relative OR has the same netloc...

3.1CVSS5.8AI score0.03289EPSS
Exploits0References3
Rows per page
Query Builder