flask-multipass@0.4 vulnerabilities

A pluggable solution for multi-backend authentication with Flask

Direct Vulnerabilities

Known vulnerabilities in the flask-multipass package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability Vulnerable Version
  • M
Cross-site Scripting (XSS)

Flask-Multipass is a pluggable solution for multi-backend authentication with Flask.

Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the redirection to the next URL during the account creation process. An attacker can manipulate the URL to inject malicious scripts by crafting a link that includes a next parameter with a script and convincing a user to follow it during account creation.

Notes: This is only exploitable if the user is creating a new account.

How to fix Cross-site Scripting (XSS)?

Upgrade Flask-Multipass to version 0.5.5 or higher.

Vulnerable versions: [,0.5.5)
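
Added example, not code from Flask-Multipass or from this advisory: one generic way an application can check a `next` redirect target before using it, accepting only same-origin http(s) URLs. The names `safe_next_url` and `check_samples`, the host `app.example` and the sample values are assumptions constructed for illustration; the change shipped in 0.5.5 may work differently.

```python
from urllib.parse import urljoin, urlsplit

ALLOWED_SCHEMES = {"http", "https"}


def safe_next_url(next_url, request_url, fallback="/"):
    """Return next_url if it is a same-origin http(s) target, else fallback."""
    if not next_url:
        return fallback
    # Browsers drop tab/CR/LF and treat "\" like "/" when parsing URLs, so
    # reject such input instead of guessing how it will be normalised.
    if "\\" in next_url or any(ord(c) < 0x20 or ord(c) == 0x7F for c in next_url):
        return fallback
    if next_url != next_url.strip():
        return fallback
    base = urlsplit(request_url)
    # Resolve the value relative to the current page, as a browser would.
    target = urlsplit(urljoin(request_url, next_url))
    if target.scheme not in ALLOWED_SCHEMES:
        return fallback  # script-bearing schemes such as javascript: or data:
    if (target.scheme, target.netloc.lower()) != (base.scheme, base.netloc.lower()):
        return fallback  # absolute or scheme-relative URL to another origin
    return next_url


# Constructed sample values (hypothetical, for illustration only).
REQUEST_URL = "https://app.example/register"
SAMPLES = [
    "/dashboard",                 # site-relative path
    "settings?tab=profile",       # path relative to the current page
    "https://app.example/home",   # absolute URL on the same origin
    "javascript:alert(1)",        # script scheme
    "JavaScript:alert(1)",        # same, mixed case
    "java\tscript:alert(1)",      # control character inside the scheme
    " javascript:alert(1)",       # leading whitespace
    "data:text/html,<b>x</b>",    # data: scheme
    "//other.example/path",       # scheme-relative, different host
    "https://other.example/",     # absolute URL on another origin
    "/\\other.example",           # backslash variant of "//"
]


def check_samples(samples=SAMPLES, request_url=REQUEST_URL):
    """Map each sample to the redirect target that would actually be used."""
    return {s: safe_next_url(s, request_url) for s in samples}


if __name__ == "__main__":
    for value, result in check_samples().items():
        print(f"{value!r:32} -> {result!r}")
```

The check belongs at the point where the redirect is issued, and any place the value is written into HTML still needs normal output escaping.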