Vulnerability	Vulnerable Version
M Cross-site Scripting (XSS) Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the `errorMsg` parameter in the `/xxl-sso-server/login` process. An attacker can inject and execute arbitrary scripts in the context of a user's browser by crafting a malicious request. How to fix Cross-site Scripting (XSS)? Upgrade `com.xuxueli:xxl-sso` to version 1.2.0 or higher.	[,1.2.0)
M Open Redirect Affected versions of this package are vulnerable to Open Redirect via the `redirect_url` parameter in the `/xxl-sso-server/doLogin` and `/xxl-sso-server/login` endpoints. An attacker can redirect users to arbitrary external sites by crafting a malicious link and tricking authenticated users into clicking it. How to fix Open Redirect? Upgrade `com.xuxueli:xxl-sso` to version 1.2.0 or higher.	[,1.2.0)

Cross-site Scripting (XSS)

Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the errorMsg parameter in the /xxl-sso-server/login process. An attacker can inject and execute arbitrary scripts in the context of a user's browser by crafting a malicious request.

How to fix Cross-site Scripting (XSS)?

Upgrade com.xuxueli:xxl-sso to version 1.2.0 or higher.

[,1.2.0)

Open Redirect

Affected versions of this package are vulnerable to Open Redirect via the redirect_url parameter in the /xxl-sso-server/doLogin and /xxl-sso-server/login endpoints. An attacker can redirect users to arbitrary external sites by crafting a malicious link and tricking authenticated users into clicking it.

How to fix Open Redirect?

Upgrade com.xuxueli:xxl-sso to version 1.2.0 or higher.

[,1.2.0)

Go back to all versions of this package