Lucene search
GitHub Advisory DatabaseGHSA-4J2P-X79M-JCJ8HistoryApr 10, 2023 - 6:30 a.m.
XXL-JOB vulnerable to Cross-site Scripting
2023-04-1006:30:16
CWE-79
GitHub Advisory Database
github.com
15
xxl-job
cross-site scripting
vulnerable
html payload
/xxl-job-admin/user/add
/xxl-job-admin/user/update
software
6.1 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
0.001 Low
EPSS
Percentile
50.4%
XXL-JOB (com.xuxueli:xxl-job) versions 2.4.0 and earlier are vulnerable to cross-site scripting (XSS). An HTML uploaded payload can be executed successfully through /xxl-job-admin/user/add and /xxl-job-admin/user/update.
Affected configurations
Node
com.xuxueli\xxlMatchjob
| CPE | Name | Operator | Version |
|---|---|---|---|
| com.xuxueli:xxl-job | le | 2.4.0 |
Related
cve
cve
CVE-2023-26120
2023-04-10 05:15:07
prion
prion
Hardcoded credentials
2023-04-10 05:15:00
osv
osv
XXL-JOB vulnerable to Cross-site Scripting
2023-04-10 06:30:16
veracode
veracode
Cross-Site Scripting (XSS)
2023-04-19 05:31:37
nvd
nvd
CVE-2023-26120
2023-04-10 05:15:07
cvelist
cvelist
CVE-2023-26120
2023-04-10 05:00:01
6.1 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
0.001 Low
EPSS
Percentile
50.4%
Related for GHSA-4J2P-X79M-JCJ8