GHSA-jp55-vvmf-63mv

GitHub Security Advisory

URL Redirection to Untrusted Site ('Open Redirect')

✓ GitHub Reviewed MODERATE Has CVE

Advisory Details

### Impact
There is no protection against URL redirection to untrusted sites; in particular, some well-known parameters (`xredirect`) can be used to perform such redirections.
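
Since the advisory lists no workaround, operators of unpatched instances can at least review web server logs for `xredirect` values that leave the wiki's own host. The following is an added example, not code from the advisory or from XWiki; the trusted hostname, the combined access log format and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: hostnames the wiki is legitimately served from.
TRUSTED_HOSTS = {"wiki.example.org"}
# Client address and request URI from a combined-format access log line.
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def offsite_host(target, trusted=TRUSTED_HOSTS):
    """Return the external host a redirect target points to, or None if it stays on-site."""
    try:
        # hostname is also set for scheme-relative targets such as //host/path
        host = urlsplit(target.strip()).hostname
    except ValueError:
        return "<unparseable>"  # malformed authority: surface it for manual review
    if host is None or host in trusted:
        return None  # path-only target, or an absolute URL back to the wiki
    return host

def find_offsite_redirects(log_lines, trusted=TRUSTED_HOSTS):
    """Return (client, host, target) for requests whose xredirect leaves the trusted hosts."""
    findings = []
    for line in log_lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue
        client, request_uri = m.groups()
        # parse_qs percent-decodes each value once
        params = parse_qs(urlsplit(request_uri).query)
        for target in params.get("xredirect", []):
            host = offsite_host(target, trusted)
            if host:
                findings.append((client, host, target))
    return findings

# Constructed sample log lines (documentation addresses and example domains).
LOGIN = "/xwiki/bin/login/XWiki/XWikiLogin"
SAMPLE_LOG = [
    f'198.51.100.7 - - [09/Feb/2022:21:40:01 +0000] "GET {LOGIN}?xredirect=%2Fxwiki%2Fbin%2Fview%2FMain%2F HTTP/1.1" 200 512',
    f'203.0.113.5 - - [09/Feb/2022:21:41:12 +0000] "GET {LOGIN}?xredirect=https%3A%2F%2Fother.example%2Flanding HTTP/1.1" 302 0',
    f'203.0.113.9 - - [09/Feb/2022:21:41:30 +0000] "GET {LOGIN}?xredirect=%2F%2Fother.example%2Flanding HTTP/1.1" 302 0',
    f'198.51.100.7 - - [09/Feb/2022:21:42:00 +0000] "GET {LOGIN}?xredirect=https%3A%2F%2Fwiki.example.org%2Fxwiki%2Fbin%2Fview%2FMain%2F HTTP/1.1" 302 0',
    '198.51.100.8 - - [09/Feb/2022:21:42:05 +0000] "GET /xwiki/bin/view/Main/ HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for client, host, target in find_offsite_redirects(SAMPLE_LOG):
        print(f"{client} -> {host} ({target})")
```

A hit only shows that a request carried an off-site target; whether the server followed it depends on the installed version.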

### Patches
The problem has been patched in XWiki 12.10.7 and XWiki 13.3RC1.

### Workarounds
There's no known workaround for this issue.

### References
https://jira.xwiki.org/browse/XWIKI-10309

### For more information
If you have any questions or comments about this advisory:
* Open an issue in [JIRA](https://jira.xwiki.org)
* Email us at [Security ML](mailto:[email protected])

Affected Packages

Maven org.xwiki.platform:xwiki-platform-oldcore
Affected versions: 0 (fixed in 12.10.7)
Maven org.xwiki.platform:xwiki-platform-oldcore
Affected versions: 13.0.0 (fixed in 13.3RC1)

Key Information

GHSA ID: GHSA-jp55-vvmf-63mv
Published: February 9, 2022 9:42 PM
Last Modified: February 9, 2022 9:42 PM
CVSS Score: 5.0/10
Primary Ecosystem: Maven
Primary Package: org.xwiki.platform:xwiki-platform-oldcore
GitHub Reviewed: ✓ Yes

Dataset

Last updated: July 28, 2025 6:37 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.