An open redirect vulnerability in the python package Flask-Security-Too <=5.3.2 allows attackers to redirect unsuspecting users to malicious sites via a crafted URL by abusing the ?next parameter on the /login and /register routes.
The Python "Flask-Security-Too" package is used for adding security features to your Flask application. It is an is an independently maintained version of Flask-Security based on the 3.0.0 version of Flask-Security. All versions of Flask-Security-Too allow redirects after many successful views by honoring the ?next query param. There is code in FS to validate that the url specified in the next parameter is either relative OR has the same netloc …
Cross-Site Request Forgery in Flask-Security-Too.
In Flask-Security-Too, the /login and /change endpoints can return the authenticated user's authentication token in response to a GET request.