100 matches found
GHSA-672H-6X89-76M5 Open redirect vulnerability in Flask-Security-Too
An open redirect vulnerability in the python package Flask-Security-Too =2.1.0 the autocorrectlocationheader configuration was changed to False - which means that location headers in redirects are relative by default. Thus, this issue may impact applications that were previously not impacted, if...
CVE-2023-49438
An open redirect vulnerability in the python package Flask-Security-Too =5.3.2 allows attackers to redirect unsuspecting users to malicious sites via a crafted URL by abusing the ?next parameter on the /login and /register routes...
PYSEC-2023-248
An open redirect vulnerability in the python package Flask-Security-Too =5.3.2 allows attackers to redirect unsuspecting users to malicious sites via a crafted URL by abusing the ?next parameter on the /login and /register routes...
CVE-2023-49438
An open redirect vulnerability in the python package Flask-Security-Too =5.3.2 allows attackers to redirect unsuspecting users to malicious sites via a crafted URL by abusing the ?next parameter on the /login and /register routes...
Flask Middleware Flask-security Security Vulnerabilities
Flask Middleware Flask-security is a Python-based codebase from the Flask Middleware organization that provides security features for Flask applications. Flask Middleware Flask-security A security vulnerability exists in Flask-Security-Too 5.3.2 and earlier versions that originates from a...
PT-2023-8085
Name of the Vulnerable Software and Affected Versions Flask-Security-Too versions =2.1.0 may impact applications that were previously not affected, as the autocorrect location header configuration was changed to False, making location headers in redirects relative by default. Recommendations For...
CVE-2023-28874
The next parameter in the /accounts/login endpoint of Seafile 9.0.6 allows attackers to redirect users to arbitrary sites...
CVE-2023-23957
An authenticated user can see and modify the value for ‘next’ query parameter in Symantec Identity Portal 14.4...
SUSE CVE-2020-29565
An issue was discovered in OpenStack Horizon before 15.3.2, 16.x before 16.2.1, 17.x and 18.x before 18.3.3, 18.4.x, and 18.5.x. There is a lack of validation of the "next" parameter, which would allow someone to supply a malicious URL in Horizon that can cause an automatic redirect to the provid...
SUSE CVE-2021-32618
The Python "Flask-Security-Too" package is used for adding security features to your Flask application. It is an is an independently maintained version of Flask-Security based on the 3.0.0 version of Flask-Security. All versions of Flask-Security-Too allow redirects after many successful views e....
CVE-2022-39814
In NOKIA 1350 OMS R14.2, an Open Redirect vulnerability occurs is the login page via next HTTP GET parameter...
CVE-2022-39814
In NOKIA 1350 OMS R14.2, an Open Redirect vulnerability occurs is the login page via next HTTP GET parameter...
PT-2022-17191 · Gophish · Gophish
Name of the Vulnerable Software and Affected Versions: gophish versions prior to 0.12.0 Description: The issue exists in the next query parameter, where the application uses url.Parser.FormValue"next" to extract the path and redirect the user to a relative URL. However, if the next parameter star...
Open redirect when login successfully
Description Open redirect when login successfully via next parameter Proof of Concept POST /login?next=https://www.google.com/open-redirect HTTP/2 Host: book.dansmonorage.blue Cookie: csrftoken=EUjtgvt3A20lSHYbTxBvfAxQi5gNHHzeI7Bda1HOGnWCioMA6cwQqYWXv8ONog4k User-Agent: Mozilla/5.0 Windows NT 10....
CVE-2022-32195
Open edX platform before 2022-06-06 allows XSS via the "next" parameter in the logout URL...
CVE-2022-32195
Open edX platform before 2022-06-06 allows XSS via the "next" parameter in the logout URL...
GHSA-J6JQ-3Q8P-XGG6 Netflix Security Monkey Open Redirect vulnerability
Netflix Security Monkey before 0.8.0 has an Open Redirect. The logout functionality accepted the "next" parameter which then redirects to any domain irrespective of the Host header...
Open Redirect
Overview github.com/gophish/gophish/controllers is a package middleware is responsible for the definition/implementation of middleware functionality. Affected versions of this package are vulnerable to Open Redirect. The Open Redirect vulnerability exists in the next query parameter. The...
Open Redirect
Amendment This was deemed not a vulnerability. Overview Affected versions of this package are vulnerable to Open Redirect. The Open Redirect vulnerability exists in the next query parameter. The application uses url.Parser.FormValue"next" to extract path and eventually redirect user to a relative...
GHSA-GXJJ-F44V-QM94 Open Redirect in Flask-Security-Too
Withdrawn Duplicate of GHSA-6qmf-fj6m-686c Original description Flask-Security-Too allows redirects after many successful views e.g. /login by honoring the ?next query param. There is code in FS to validate that the url specified in the next parameter is either relative OR has the same netloc...