Lucene search
SnykCVELIST:CVE-2023-26120HistoryApr 10, 2023 - 5:00 a.m.
CVE-2023-26120
2023-04-1005:00:01
snyk
www.cve.org
cve-2023-26120
html payload
xxl-job-admin/user/add
xxl-job-admin/user/update
security vulnerability
5.4 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P
0.001 Low
EPSS
Percentile
50.4%
This affects all versions of the package com.xuxueli:xxl-job. HTML uploaded payload executed successfully through /xxl-job-admin/user/add and /xxl-job-admin/user/update.
CNA Affected
[
{
"product": "com.xuxueli:xxl-job",
"versions": [
{
"version": "0",
"lessThan": "*",
"status": "affected",
"versionType": "semver"
}
],
"vendor": "n/a"
}
]Related
cve
cve
CVE-2023-26120
2023-04-10 05:15:07
prion
prion
Hardcoded credentials
2023-04-10 05:15:00
osv
osv
XXL-JOB vulnerable to Cross-site Scripting
2023-04-10 06:30:16
veracode
veracode
Cross-Site Scripting (XSS)
2023-04-19 05:31:37
nvd
nvd
CVE-2023-26120
2023-04-10 05:15:07
github
github
XXL-JOB vulnerable to Cross-site Scripting
2023-04-10 06:30:16
5.4 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:P
0.001 Low
EPSS
Percentile
50.4%
Related for CVELIST:CVE-2023-26120