GHSA-r26v-98qj-48q9

Suggest an improvement
Source
https://github.com/advisories/GHSA-r26v-98qj-48q9
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/06/GHSA-r26v-98qj-48q9/GHSA-r26v-98qj-48q9.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-r26v-98qj-48q9
Aliases
  • CVE-2025-6701
Published
2025-06-26T18:31:28Z
Modified
2025-07-10T18:12:21.630409Z
Severity
  • 3.5 (Low) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N CVSS Calculator
  • 2.0 (Low) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P CVSS Calculator
Summary
XXL SSO is vulnerable to an Open Redirect through malicious manipulation of the redirect_url argument
Details

A vulnerability, which was classified as problematic, has been found in Xuxueli xxl-sso 1.1.0. This issue affects some unknown processing of the file /xxl-sso-server/doLogin. The manipulation of the argument redirect_url leads to open redirect. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Database specific 
{
    "cwe_ids": [
        "CWE-601"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-07-10T17:46:54Z",
    "nvd_published_at": "2025-06-26T16:15:36Z",
    "severity": "LOW"
}
References

Affected packages

Maven / com.xuxueli:xxl-sso

Package

Name
com.xuxueli:xxl-sso
View open source insights on deps.dev
Purl
pkg:maven/com.xuxueli/xxl-sso

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Last affected
1.1.0

Affected versions

0.*
0.1.0
1.*
1.1.0

Database specific

source 
"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/06/GHSA-r26v-98qj-48q9/GHSA-r26v-98qj-48q9.json"