GHSA-jp55-vvmf-63mv
GitHub Security Advisory
URL Redirection to Untrusted Site ('Open Redirect')
✓ GitHub Reviewed
MODERATE
Has CVE
Advisory Details
### Impact
There is no protection against URL redirection to untrusted sites; in particular, some well-known parameters (`xredirect`) can be used to perform such redirections.
### Patches
The problem has been patched in XWiki 12.10.7 and XWiki 13.3RC1.
### Workarounds
There's no known workaround for this issue.
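Operators of unpatched instances can check access logs for `xredirect` values that point off-site. The script below is an added example, not code from the advisory or from XWiki. It assumes combined-format access logs and a hypothetical trusted host `wiki.example.org`, and its sample log lines are constructed.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Assumption: the host names this wiki is legitimately served from.
TRUSTED_HOSTS = {"wiki.example.org"}

# Request line of a combined-log-format entry: "GET /path?query HTTP/1.1"
REQUEST_RE = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+"')


def external_target(value):
    """Return the host a redirect value points to, or None if it stays on-site."""
    # Browsers read "\" as "/" and drop tabs and newlines, so normalise first.
    cleaned = re.sub(r"[\t\r\n]", "", value.strip()).replace("\\", "/")
    try:
        host = (urlsplit(cleaned).hostname or "").lower()
    except ValueError:
        return "<unparseable>"  # malformed authority: report it for review
    if not host or host in TRUSTED_HOSTS:
        return None  # relative path, or absolute URL on a trusted host
    return host


def scan(lines):
    """Return (line_number, host) for each xredirect value that leaves the site."""
    findings = []
    for number, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        query = match.group(1).partition("?")[2]
        # parse_qs percent-decodes each value once.
        for value in parse_qs(query).get("xredirect", []):
            host = external_target(value)
            if host:
                findings.append((number, host))
    return findings


# Constructed sample log lines (not taken from a real system).
PREFIX = '203.0.113.7 - - [10/May/2021:10:00:00 +0000] "GET /xwiki/bin/view/Main/?xredirect='
SAMPLE_LOG = [
    PREFIX + '%2Fxwiki%2Fbin%2Fview%2FSandbox%2F HTTP/1.1" 302 0',
    PREFIX + 'https%3A%2F%2Funtrusted.example%2Flogin HTTP/1.1" 302 0',
    PREFIX + '%2F%5Cuntrusted.example%2F HTTP/1.1" 302 0',
    PREFIX + 'https%3A%2F%2Fwiki.example.org%40untrusted.example%2F HTTP/1.1" 302 0',
    PREFIX + 'https%3A%2F%2Fwiki.example.org%2Fxwiki%2F HTTP/1.1" 302 0',
]

if __name__ == "__main__":
    for number, host in scan(SAMPLE_LOG):
        print(f"line {number}: xredirect points to {host}")
```

Only the scheme-relative, backslash and userinfo forms are normalised here; values that are encoded more than once are not decoded further.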
### References
https://jira.xwiki.org/browse/XWIKI-10309
### For more information
If you have any questions or comments about this advisory:
* Open an issue in [JIRA](https://jira.xwiki.org)
* Email us at [Security ML](mailto:[email protected])
Affected Packages
* Maven: org.xwiki.platform:xwiki-platform-oldcore, affected versions: 0 (fixed in 12.10.7)
* Maven: org.xwiki.platform:xwiki-platform-oldcore, affected versions: 13.0.0 (fixed in 13.3RC1)
Related CVEs
Key Information
5.0/10
Dataset
Last updated: July 28, 2025 6:37 AM
Data from GitHub Advisory Database. This information is provided for research and educational purposes.