CVSS 3.1 Score 6.1 of 10 (medium)


Published Dec 26, 2023
Updated: Jan 14, 2024
CWE ID 601


CVE-2023-49438 is an open redirect vulnerability in the Python package Flask-Security-Too, version 5.3.2 and below. It allows attackers to redirect unsuspecting users to malicious sites by manipulating the ?next parameter on the /login and /register routes. The vulnerability affects multiple products, including uIVcVe, uIVcVf, g7Idh5, and g7Idh4, among others. The risk score of this vulnerability is 28, with a base severity of MEDIUM. To remediate this issue, users should update Flask-Security-Too to a version higher than 5.3.2. The danger lies in the potential for attackers to trick users into visiting malicious websites, which could result in unauthorized access or data theft.
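For applications that handle a post-login redirect parameter such as ?next themselves, the check below shows the kind of validation that stops this class of bug. It is an added example, not Flask-Security-Too's code or its fix; the names is_safe_next, resolve_next and APP_HOST are hypothetical, and the host value is constructed.

```python
from urllib.parse import urlsplit

# Constructed sample host for the application (assumption, not from the advisory).
APP_HOST = "app.example.test"


def is_safe_next(target, app_host=APP_HOST):
    """Return True only if `target` keeps the user on this application."""
    if not target:
        return False
    # Browsers drop tab/CR/LF inside URLs and ignore surrounding whitespace,
    # so a value containing them may be parsed differently here than there.
    if any(ch in target for ch in "\t\r\n") or target != target.strip():
        return False
    # Browsers treat "\" like "/", so "/\host" behaves as "//host".
    normalised = target.replace("\\", "/")
    # "//host/..." is scheme-relative and leaves the site.
    if normalised.startswith("//"):
        return False
    parts = urlsplit(normalised)
    if parts.scheme or parts.netloc:
        # Absolute URL: allow only http(s) to exactly our own host
        # (rejects userinfo tricks such as "our-host@other-host").
        return parts.scheme in ("http", "https") and parts.netloc.lower() == app_host
    # Relative reference: require a rooted path on this site.
    return normalised.startswith("/")


def resolve_next(target, default="/"):
    """Value to redirect to after login: the request's ?next if safe, else a default."""
    return target if is_safe_next(target) else default


if __name__ == "__main__":
    # Constructed sample values for ?next.
    for value in ["/profile", "https://other.example/", "//other.example/x",
                  "/\\other.example", "https://app.example.test/account"]:
        print(repr(value), "->", resolve_next(value))
```

Upgrading the package remains the remediation the advisory gives; a check like this applies to custom redirect handling around the login and registration views.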
