reflex-dev/reflex has an Open Redirect vulnerability
Phishing/Social Engineering Attacks Users can be exploited by immediately redirecting from a trusted domain to external malicious sites, taking advantage of user trust. This enables login page spoofing, credential harvesting, and redirection to malware distribution pages. Authentication/Session Flow Disruption When users with valid sessions/cookies from the same origin click the link, they are redirected to unintended external domains, which can bypass or disrupt authentication/authorization flows. When combined with redirect-based flows …