2 matches found
CVE-2026-7303 Xuxueli xxl-job Execution Log JobLogController.java logDetailCat resource injection
A security flaw has been discovered in Xuxueli xxl-job up to 3.3.2. Impacted is the function logDetailCat of the file xxl-job-admin/src/main/java/com/xxl/job/admin/controller/biz/JobLogController.java of the component Execution Log Handler. The manipulation of the argument logId results in improp...
CSS Injection
Overview chartkick is a Ruby gem that allows creation of JavaScript charts. Affected versions of this package are vulnerable to CSS Injection. Chartkick is vulnerable to CSS injection if user input is passed to the width or height option. An attacker can set additional CSS properties, like:...