19 matches found
EUVD-2025-19213
Malicious code in bioql PyPI...
CVE-2025-6701
A vulnerability, which was classified as problematic, has been found in Xuxueli xxl-sso 1.1.0. This issue affects some unknown processing of the file /xxl-sso-server/doLogin. The manipulation of the argument redirecturl leads to open redirect. The attack may be initiated remotely. The exploit has...
Xuxueli XXL-SSO Cross-site Scripting vulnerability
A vulnerability classified as problematic was found in Xuxueli xxl-sso 1.1.0. This vulnerability affects unknown code of the file /xxl-sso-server/login. The manipulation of the argument errorMsg leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to...
XXL SSO is vulnerable to an Open Redirect through malicious manipulation of the redirect_url argument
A vulnerability, which was classified as problematic, has been found in Xuxueli xxl-sso 1.1.0. This issue affects some unknown processing of the file /xxl-sso-server/doLogin. The manipulation of the argument redirecturl leads to open redirect. The attack may be initiated remotely. The exploit has...
GHSA-2JFG-73Q2-24QV Xuxueli XXL-SSO Cross-site Scripting vulnerability
A vulnerability classified as problematic was found in Xuxueli xxl-sso 1.1.0. This vulnerability affects unknown code of the file /xxl-sso-server/login. The manipulation of the argument errorMsg leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to...
GHSA-R26V-98QJ-48Q9 XXL SSO is vulnerable to an Open Redirect through malicious manipulation of the redirect_url argument
A vulnerability, which was classified as problematic, has been found in Xuxueli xxl-sso 1.1.0. This issue affects some unknown processing of the file /xxl-sso-server/doLogin. The manipulation of the argument redirecturl leads to open redirect. The attack may be initiated remotely. The exploit has...
Cross-site Scripting (XSS)
Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the errorMsg parameter in the /xxl-sso-server/login process. An attacker can inject and execute arbitrary scripts in the context of a user's browser by crafting a malicious request. Details: Cross-site...
Open Redirect
Overview: Affected versions of this package are vulnerable to Open Redirect via the redirecturl parameter in the /xxl-sso-server/doLogin and /xxl-sso-server/login endpoints. An attacker can redirect users to arbitrary external sites by crafting a malicious link and tricking authenticated users int...
CVE-2025-6701
A vulnerability, which was classified as problematic, has been found in Xuxueli xxl-sso 1.1.0. This issue affects some unknown processing of the file /xxl-sso-server/doLogin. The manipulation of the argument redirecturl leads to open redirect. The attack may be initiated remotely. The exploit has...
CVE-2025-6700
A vulnerability classified as problematic was found in Xuxueli xxl-sso 1.1.0. This vulnerability affects unknown code of the file /xxl-sso-server/login. The manipulation of the argument errorMsg leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to...
CVE-2025-6700
A vulnerability classified as problematic was found in Xuxueli xxl-sso 1.1.0. This vulnerability affects unknown code of the file /xxl-sso-server/login. The manipulation of the argument errorMsg leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to...
CVE-2025-6701 Xuxueli xxl-sso doLogin redirect
A vulnerability, which was classified as problematic, has been found in Xuxueli xxl-sso 1.1.0. This issue affects some unknown processing of the file /xxl-sso-server/doLogin. The manipulation of the argument redirecturl leads to open redirect. The attack may be initiated remotely. The exploit has...
CVE-2025-6701 Xuxueli xxl-sso doLogin redirect
A vulnerability, which was classified as problematic, has been found in Xuxueli xxl-sso 1.1.0. This issue affects some unknown processing of the file /xxl-sso-server/doLogin. The manipulation of the argument redirecturl leads to open redirect. The attack may be initiated remotely. The exploit has...
CVE-2025-6701
CVE-2025-6701 affects Xuxueli xxl-sso 1.1.0. The vulnerability is an open redirect caused by manipulating the redirect_url parameter in /xxl-sso-server/doLogin, with remote attack potential. Public disclosures and PoCs exist; exploitation status varies by source. Remediation: upgrade to com.xuxue...
CVE-2025-6700 Xuxueli xxl-sso login cross site scripting
A vulnerability classified as problematic was found in Xuxueli xxl-sso 1.1.0. This vulnerability affects unknown code of the file /xxl-sso-server/login. The manipulation of the argument errorMsg leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to...
CVE-2025-6700 Xuxueli xxl-sso login cross site scripting
A vulnerability classified as problematic was found in Xuxueli xxl-sso 1.1.0. This vulnerability affects unknown code of the file /xxl-sso-server/login. The manipulation of the argument errorMsg leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to...
CVE-2025-6700
CVE-2025-6700 affects Xuxueli xxl-sso 1.1.0. A flaw in the /xxl-sso-server/login endpoint allows manipulation of the errorMsg parameter to trigger cross-site scripting (XSS). Impact: remote attackers could execute scripts in a user’s browser; multiple sources report public PoC/disclosure and on...
PT-2025-26989 · Xuxueli · Xuxueli Xxl-Sso
Name of the Vulnerable Software and Affected Versions: Xuxueli xxl-sso version 1.1.0 Description: A problematic issue was found in the software, affecting the /xxl-sso-server/login file. The manipulation of the errorMsg argument leads to cross-site scripting. The attack can be initiated remotely...
PT-2025-27000 · Xuxueli · Xuxueli Xxl-Sso
Name of the Vulnerable Software and Affected Versions: Xuxueli xxl-sso version 1.1.0 Description: A problematic issue has been found in the software, affecting the processing of the file /xxl-sso-server/doLogin. The manipulation of the redirect url argument leads to an open redirect. This issue c...