{"id":7266,"date":"2025-06-26T12:11:45","date_gmt":"2025-06-26T12:11:45","guid":{"rendered":"http:\/\/localhost\/?p=7266"},"modified":"2025-06-26T12:11:45","modified_gmt":"2025-06-26T12:11:45","slug":"xuxueli-xxl-sso-login-cross-site-scripting","status":"publish","type":"post","link":"https:\/\/zero.redgem.net\/?p=7266","title":{"rendered":"Xuxueli xxl-sso login cross site scripting"},"content":{"rendered":"
\n

CVE Details<\/h2>\n
\n
\n

Basic Information<\/h3>\n\n\n\n\n\n
Title<\/th>\nXuxueli xxl-sso login cross site scripting<\/td>\n<\/tr>\n
Type<\/th>\ncve<\/td>\n<\/tr>\n
Published<\/th>\n2025-06-26T15:31:13.903Z<\/td>\n<\/tr>\n
Last Seen<\/th>\n<\/td>\n<\/tr>\n<\/table>\n<\/div>\n
\n

Product Information<\/h3>\n\n\n\n\n
Vendor<\/th>\nXuxueli<\/td>\n<\/tr>\n
Product<\/th>\nxxl-sso<\/td>\n<\/tr>\n
Version<\/th>\n1.1.0<\/td>\n<\/tr>\n<\/table>\n<\/div>\n<\/div>\n
\n

CVSS Information<\/h3>\n\n\n\n\n\n\n
Base Score<\/th>\n5.3 (MEDIUM)<\/td>\n<\/tr>\n
Attack Vector<\/th>\nCVSS:4.0\/AV:N\/AC:L\/AT:N\/PR:N\/UI:P\/VC:N\/VI:L\/VA:N\/SC:N\/SI:N\/SA:N\/E:P<\/td>\n<\/tr>\n
Confidentiality Impact<\/th>\n<\/td>\n<\/tr>\n
Integrity Impact<\/th>\n<\/td>\n<\/tr>\n
Availability Impact<\/th>\n<\/td>\n<\/tr>\n<\/table>\n<\/div>\n
\n

AI Analysis<\/h3>\n\n\n\n\n\n\n
AI Description<\/th>\nA cross-site scripting (XSS) vulnerability was discovered in Xuxueli’s xxl-sso server version 1.1.0. This vulnerability allows remote attackers to inject malicious scripts via the ‘errorMsg’ parameter in the login functionality. The exploit is publicly known, and the vendor has not responded to disclosure attempts.<\/td>\n<\/tr>\n
AI Severity<\/th>\nMedium<\/td>\n<\/tr>\n
Vendor<\/th>\nXuxueli<\/td>\n<\/tr>\n
Product<\/th>\nxxl-sso server<\/td>\n<\/tr>\n
Affected Version<\/th>\n1.1.0<\/td>\n<\/tr>\n<\/table>\n<\/div>\n
\n

Affected Products<\/h4>\n