JoeyBling Bootplus Open Redirect Vulnerability in QrCodeController

Vulnerability

An open redirect vulnerability has been identified in JoeyBling Bootplus versions prior to commit 247d5f6c209be1a5cf10cd0fa18e1d8cc63cf55d. The issue arises in the qrCode function of QrCodeController.java, where the text parameter is encoded into a QR code without validation. Because the value is not restricted, an attacker can have the application generate QR codes that direct users to arbitrary, attacker-chosen URLs. The vulnerability can be exploited remotely.

Impact

Exploitation of this vulnerability allows for open redirect, where users can be sent to an untrusted site under the guise of a trusted one.

Reproduction

To reproduce this vulnerability, send a request to the '/share/qrcode' endpoint with a 'text' parameter that includes a URL. The generated QR code will redirect to the specified URL, demonstrating the open redirect vulnerability.
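The fix for this class of issue is to validate the text parameter before it is encoded. The following is an added example of such a check, not code from Bootplus or the fixing commit; it assumes a hypothetical QrCodeTextValidator helper that the controller would call before generating the QR image, and that the set of trusted hosts is supplied by configuration. Plain (non-URL) text is accepted, and URL-like values are accepted only when they are https, carry no userinfo, and point at an allowlisted host; scheme-relative values such as "//host/path" and non-http schemes (mailto:, javascript:, data:) are rejected.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Locale;
import java.util.Set;

// Added example (not Bootplus code): allowlist check for a QR-code "text" parameter.
// Assumption: the controller calls isAllowed() and returns an error instead of a
// QR image when it yields false.
public final class QrCodeTextValidator {

    private static final int MAX_LENGTH = 2048;
    private final Set<String> allowedHosts;

    public QrCodeTextValidator(Set<String> allowedHosts) {
        this.allowedHosts = allowedHosts;
    }

    /** Returns true if the text may safely be encoded into a QR code. */
    public boolean isAllowed(String text) {
        if (text == null || text.isBlank() || text.length() > MAX_LENGTH) {
            return false;
        }
        String trimmed = text.trim();
        // Plain text with no scheme cannot act as a redirect target.
        if (!looksLikeUrl(trimmed)) {
            return true;
        }
        URI uri;
        try {
            uri = new URI(trimmed);
        } catch (URISyntaxException e) {
            return false;
        }
        String scheme = uri.getScheme();
        String host = uri.getHost();
        // Scheme-relative ("//host/...") and schemeless values have no scheme: reject.
        if (scheme == null || host == null) {
            return false;
        }
        if (!scheme.equalsIgnoreCase("https")) {
            return false;
        }
        // Reject userinfo so "https://trusted.example@evil.example/" cannot pass
        // a naive string-prefix check; the real host is what java.net.URI parsed.
        if (uri.getRawUserInfo() != null) {
            return false;
        }
        return allowedHosts.contains(host.toLowerCase(Locale.ROOT));
    }

    private static boolean looksLikeUrl(String s) {
        // A leading scheme ("https:", "javascript:", "data:") or "//" marks a URL-like value.
        return s.matches("(?i)^[a-z][a-z0-9+.-]*:.*") || s.startsWith("//");
    }

    public static void main(String[] args) {
        // Constructed sample inputs; "trusted.example" stands in for the deployment's own host.
        QrCodeTextValidator v = new QrCodeTextValidator(Set.of("trusted.example"));
        String[] samples = {
            "hello world",
            "https://trusted.example/share/1",
            "https://evil.example/",
            "https://trusted.example@evil.example/",
            "//evil.example/",
            "javascript:alert(1)"
        };
        for (String s : samples) {
            System.out.println(v.isAllowed(s) + "\t" + s);
        }
    }
}
```

The important design choice is to decide on the parsed host rather than on the raw string: prefix or substring comparisons on the text are what usually lets a crafted userinfo or lookalike host through.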

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 0.8
exploitability: 8.7
remediation: 0.0
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.