CNNVD-202506-3342 Information
Jun 26, 2025
CNNVD ID
CNNVD-202506-3342
Related CVE
- CNNVD Published: 2025-06-26
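Description (translated from Chinese)
xxl-sso is a distributed single sign-on framework by the individual developer 许雪里 (Xu Xueli). xxl-sso version 1.1.0 has an input validation error vulnerability. It stems from improper handling of the parameter redirect_url in the file /xxl-sso-server/doLogin, which leads to an open redirect.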
Description (English)
xxl-sso is a distributed single sign-on framework by individual developer Xu Xueli. xxl-sso version 1.1.0 contains an input validation error vulnerability that results from improper handling of the redirect_url parameter in the file /xxl-sso-server/doLogin, leading to an open redirect.
Hazard Level
Critical
Vulnerability Type
Input validation error
Affected Vendor
Live Support
Published
2025-06-26
Last Modified
2026-02-24
References
https://github.com/ShenxiuSec/cve-proofs/blob/main/POC-20250616-02.md
https://vuldb.com/?ctiid.313967
https://vuldb.com/?id.313967
https://vuldb.com/?submit.597472