Open redirect vulnerability in web2py versions prior to 2.22.5 allows a remote attacker to redirect a user to an arbitrary web site and conduct a phishing attack by having a user to access a specially crafted URL.
"https://github.com/pypa/advisory-database/blob/main/vulns/web2py/PYSEC-2026-1060.yaml"