[Security] Open Redirect Vulnerability (CVSS 4.3)
Discoverer: icysun (icysun@qq.com)
Summary
Open redirect vulnerability in JPress WechatAuthorizationController. The goto parameter is not validated before being used in redirect responses.
Root Cause
WechatAuthorizationController.java:77,125,144 — goto parameter passed directly to redirect without validation.
Attack
/wechat/authorization?goto=https://evil.com -> WeChat OAuth callback -> redirect to attacker URL
Precondition
None (no authentication required)
Impact
Phishing attacks, OAuth code theft
Recommended Fix
Validate goto parameter against an allowlist of allowed domains or paths. Reject URLs with external domains.
Full report and PoC available upon request. Please move to private if preferred.
I am requesting a CVE assignment for this vulnerability.
[Security] Open Redirect Vulnerability (CVSS 4.3)
Discoverer: icysun (icysun@qq.com)
Summary
Open redirect vulnerability in JPress WechatAuthorizationController. The
gotoparameter is not validated before being used in redirect responses.Root Cause
WechatAuthorizationController.java:77,125,144— goto parameter passed directly to redirect without validation.Attack
/wechat/authorization?goto=https://evil.com-> WeChat OAuth callback -> redirect to attacker URLPrecondition
None (no authentication required)
Impact
Phishing attacks, OAuth code theft
Recommended Fix
Validate
gotoparameter against an allowlist of allowed domains or paths. Reject URLs with external domains.Full report and PoC available upon request. Please move to private if preferred.
I am requesting a CVE assignment for this vulnerability.