The vulnerability is an open redirect triggered by the xerror parameter when RequiresHTMLConversion is also present. The provided commit patch primarily modifies DefaultRequestParameterConverter.java, in the handleConversionErrors method, which constructs and performs a redirect when an HTML conversion error occurs. The patch adds a call to urlSecurityManager.parseToSafeURI to validate the redirect URL before sendRedirect is invoked, which indicates that handleConversionErrors was the point where the unvalidated redirect happened and is therefore the vulnerable function. The other modified files concern URLSecurityManager and its default implementation, which were extended to support the fix (validating the target against the current request's domain); the vulnerability itself lay in DefaultRequestParameterConverter.handleConversionErrors not applying any such validation to the redirect URL derived from user input.
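The check the fix introduces, validating a user-controlled redirect target against the current request's host before handing it to sendRedirect, can be illustrated with the following added example. This is not XWiki's code and does not reproduce urlSecurityManager.parseToSafeURI; the class SafeRedirect, its method toSafeRedirect, and the use of HttpServletRequest#getServerName to obtain the request host are assumptions made for the example. Only relative paths and absolute http/https URLs whose host equals the request host are accepted; everything else (other hosts, protocol-relative `//host` forms, userinfo tricks, non-http schemes, unparseable input) is rejected so the caller can fall back to a fixed local page.

```java
import java.net.URI;
import java.net.URISyntaxException;

/**
 * Added example, not XWiki's own code: validates a user-supplied redirect
 * target before it is passed to HttpServletResponse#sendRedirect, in the
 * spirit of the fix described above (same-domain validation).
 */
public final class SafeRedirect {

    private SafeRedirect() {}

    /**
     * Returns the requested target if it is safe to redirect to, or null if
     * the caller should fall back to a fixed local page instead.
     *
     * @param requested   raw value taken from the request parameter (e.g. xerror)
     * @param requestHost host the current request was addressed to, e.g. the
     *                    value of HttpServletRequest#getServerName (assumption)
     */
    public static String toSafeRedirect(String requested, String requestHost) {
        if (requested == null || requested.isEmpty() || requestHost == null) {
            return null;
        }
        URI uri;
        try {
            uri = new URI(requested);
        } catch (URISyntaxException e) {
            // Backslashes, spaces and other illegal characters end up here;
            // an unparseable target is never a valid redirect.
            return null;
        }
        // No scheme and no authority: a path on the current site
        // (protocol-relative "//evil.example" has an authority and is not accepted here).
        if (uri.getScheme() == null && uri.getRawAuthority() == null) {
            return requested;
        }
        String scheme = uri.getScheme();
        if (scheme == null
                || !(scheme.equalsIgnoreCase("http") || scheme.equalsIgnoreCase("https"))) {
            return null; // javascript:, data:, mailto: and friends are not redirect targets
        }
        // getHost() ignores any userinfo, so "https://trusted@other.example" yields other.example.
        String host = uri.getHost();
        if (host == null || !host.equalsIgnoreCase(requestHost)) {
            return null;
        }
        return requested;
    }

    /** Constructed sample inputs; in a servlet the first argument would be request.getParameter("xerror"). */
    public static void main(String[] args) {
        String host = "wiki.example.org";
        String[] samples = {
            "/bin/view/Main/WebHome",                     // accepted: relative path
            "https://wiki.example.org/bin/edit/Main",     // accepted: same host
            "https://attacker.example/phish",             // rejected: other host
            "//attacker.example/phish",                   // rejected: protocol-relative
            "https://wiki.example.org@attacker.example/", // rejected: userinfo trick
            "javascript:alert(1)",                        // rejected: non-http scheme
        };
        for (String s : samples) {
            String safe = toSafeRedirect(s, host);
            System.out.println((safe == null ? "REJECT " : "ACCEPT ") + s);
        }
    }
}
```

A servlet would call `SafeRedirect.toSafeRedirect(request.getParameter("xerror"), request.getServerName())` and, on a null result, redirect to a fixed local error page rather than the supplied value. Comparing the port as well as the host, and logging rejected targets for detection, are natural tightenings depending on the deployment.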
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| org.xwiki.platform:xwiki-platform-wysiwyg-api | maven | >= 13.5-rc-1, < 15.10.13 | 15.10.13 |
| org.xwiki.platform:xwiki-platform-wysiwyg-api | maven | >= 16.0.0-rc-1, < 16.4.4 | 16.4.4 |
| org.xwiki.platform:xwiki-platform-wysiwyg-api | maven | >= 16.5.0-rc-1, < 16.8.0 | 16.8.0 |