Lucene search

K
osvGoogleOSV:GHSA-4J2P-X79M-JCJ8
HistoryApr 10, 2023 - 6:30 a.m.

XXL-JOB vulnerable to Cross-site Scripting

2023-04-1006:30:16
Google
osv.dev
6
xxl-job
cross-site scripting
html payload
vulnerable
security risk
software

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

50.2%

XXL-JOB (com.xuxueli:xxl-job) versions 2.4.0 and earlier are vulnerable to cross-site scripting (XSS). An HTML uploaded payload can be executed successfully through /xxl-job-admin/user/add and /xxl-job-admin/user/update.

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

50.2%

Related for OSV:GHSA-4J2P-X79M-JCJ8