Lucene search
+L

313 matches found

Nuclei
Nuclei
added 8 hours ago29 views

XXL-JOB v2.2.0 — Stored Cross Site Scripting

Multiple cross-site scripting XSS vulnerabilities in xxl-job v2.2.0 allow remote attackers to inject arbitrary web script or HTML via 1 AppName and 2AddressList parameter in JobGroupController.java file. id: CVE-2020-23814 info: name: XXL-JOB v2.2.0 — Stored Cross Site Scripting author:...

6.1CVSS6.1AI score0.01188EPSS
Exploits1References2
EUVD
EUVD
added 2 days ago7 views

EUVD-2026-44844

Cross Site Scripting vulnerability in xxl-job-admin v.3.0.0 allows a remote attacker to execute arbitrary code via a crafted HTTP GET request containing a malicious script...

6.1CVSS6.4AI score0.00356EPSS
Exploits1References2
EUVD
EUVD
added 2 days ago6 views

EUVD-2026-44843

A Cross-Site Request Forgery CSRF vulnerability exists in the xxl-job-admin web application v.3.0.0 that allows an attacker to perform unauthorized modifications to Glue IDE shell scripts. The affected endpoint lacks proper CSRF token validation and accepts arbitrary HTTP methods via a permissive...

9.1CVSS6.2AI score0.00224EPSS
Exploits1References3
NVD
NVD
added 3 days ago8 views

CVE-2026-26719

Cross Site Scripting vulnerability in xxl-job-admin v.3.0.0 allows a remote attacker to execute arbitrary code via a crafted HTTP GET request containing a malicious script...

6.1CVSS0.00356EPSS
Exploits1References1
NVD
NVD
added 3 days ago7 views

CVE-2026-26718

A Cross-Site Request Forgery CSRF vulnerability exists in the xxl-job-admin web application v.3.0.0 that allows an attacker to perform unauthorized modifications to Glue IDE shell scripts. The affected endpoint lacks proper CSRF token validation and accepts arbitrary HTTP methods via a permissive...

9.1CVSS0.00224EPSS
Exploits1References2
Cvelist
Cvelist
added 3 days ago33 views

CVE-2026-26719

Cross Site Scripting vulnerability in xxl-job-admin v.3.0.0 allows a remote attacker to execute arbitrary code via a crafted HTTP GET request containing a malicious script...

0.00356EPSS
Exploits1References1
CVE
CVE
added 3 days ago2 views

CVE-2026-26719

CVE-2026-26719 affects xxl-job-admin v3.0.0 with a stored/reflected XSS in JobInfoController.java via unsanitized addressList (stored/URL-encoded JavaScript). Affected versions are

6.1CVSS6.4AI score0.00356EPSS
Exploits1References1
Cvelist
Cvelist
added 3 days ago34 views

CVE-2026-26718

A Cross-Site Request Forgery CSRF vulnerability exists in the xxl-job-admin web application v.3.0.0 that allows an attacker to perform unauthorized modifications to Glue IDE shell scripts. The affected endpoint lacks proper CSRF token validation and accepts arbitrary HTTP methods via a permissive...

0.00224EPSS
Exploits1References2
CVE
CVE
added 3 days ago4 views

CVE-2026-26718

CVE-2026-26718 – xxl-job-admin 3.0.0 CSRF flaw . A Cross-Site Request Forgery exists in the xxl-job-admin web application (v3.0.0) that enables an attacker to perform unauthorized modifications to Glue IDE shell scripts. The affected endpoint lacks proper CSRF token validation and accepts arbitra...

9.1CVSS6.2AI score0.00224EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 3 days ago8 views

PT-2026-60330

Name of the Vulnerable Software and Affected Versions xxl-job-admin version 3.0.0 Description A Cross-Site Request Forgery CSRF issue exists in the web application. This occurs because a specific endpoint lacks proper CSRF token validation and accepts arbitrary HTTP methods through a permissive...

6.2AI score0.00224EPSS
Exploits1References4
Packet Storm
Packet Storm
added 3 days ago25 views

📄 xxl-job Cross Site Scripting

A persistent cross site scripting vulnerability exists in xxl-job-admin JobInfoController.java where the addressList parameter accepts unsanitized URL‑encoded JavaScript. xxl-job versions prior to 3.4.0 are affected. Description Summary A stored Cross‑Site Scripting vulnerability exists in...

6.1CVSS5.7AI score0.00356EPSS
Exploits1
Packet Storm
Packet Storm
added 3 days ago19 views

📄 xxl-job Cross Site Request Forgery

xxl-job versions prior to 3.4.0 suffer from a cross site request forgery vulnerability. Description Summary A Cross-Site Request Forgery CSRF vulnerability exists in the xxl-job-admin web application that allows an attacker to perform unauthorized modifications to Glue IDE shell scripts. The...

9.1CVSS5.7AI score0.00224EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2026/06/05 7:50 p.m.11 views

CVE-2026-7303

A security flaw has been discovered in Xuxueli xxl-job up to 3.3.2. Impacted is the function logDetailCat of the file xxl-job-admin/src/main/java/com/xxl/job/admin/controller/biz/JobLogController.java of the component Execution Log Handler. The manipulation of the argument logId results in improp...

6.3CVSS4.5AI score0.00418EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:50 p.m.10 views

CVE-2026-7305

A weakness has been identified in Xuxueli xxl-job up to 3.3.2. The affected element is the function triggerJob of the file xxl-job-admin/src/main/java/com/xxl/job/admin/service/impl/XxlJobServiceImpl.java of the component trigger Endpoint. This manipulation of the argument addressList causes...

6.5CVSS6.2AI score0.00209EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/04/30 2:47 p.m.16 views

CVE-2026-7306

A security vulnerability has been detected in Xuxueli xxl-job up to 3.3.2. The impacted element is an unknown function of the file xxl-job-admin/src/main/java/com/xxl/job/admin/scheduler/openapi/OpenApiController.java of the component OpenAPI Endpoint. Such manipulation of the argument defaulttok...

6.3CVSS5.1AI score0.00327EPSS
Exploits0References1
Snyk
Snyk
added 2026/04/29 4:25 p.m.7 views

Resource Injection

Overview Affected versions of this package are vulnerable to Resource Injection via the logDetailCat function in the Execution Log Handler. An attacker can access unauthorized resources by obtaining a valid logId and sending requests directly to logDetailCat endpoint. Remediation Upgrade...

6.3CVSS5.8AI score0.00418EPSS
Exploits0References2
OSV
OSV
added 2026/04/29 12:30 a.m.4 views

GHSA-GW2X-MFWR-H46P xxl-job has a Resource Injection issue

A security flaw has been discovered in Xuxueli xxl-job up to 3.3.2. Impacted is the function logDetailCat of the file xxl-job-admin/src/main/java/com/xxl/job/admin/controller/biz/JobLogController.java of the component Execution Log Handler. The manipulation of the argument logId results in improp...

6.3CVSS5.1AI score0.00418EPSS
Exploits0References8
Github Security Blog
Github Security Blog
added 2026/04/29 12:30 a.m.24 views

xxl-job has a Resource Injection issue

A security flaw has been discovered in Xuxueli xxl-job up to 3.3.2. Impacted is the function logDetailCat of the file xxl-job-admin/src/main/java/com/xxl/job/admin/controller/biz/JobLogController.java of the component Execution Log Handler. The manipulation of the argument logId results in improp...

6.3CVSS5.1AI score0.00418EPSS
Exploits0References9Affected Software1
NVD
NVD
added 2026/04/28 10:16 p.m.21 views

CVE-2026-7306

A security vulnerability has been detected in Xuxueli xxl-job up to 3.3.2. The impacted element is an unknown function of the file xxl-job-admin/src/main/java/com/xxl/job/admin/scheduler/openapi/OpenApiController.java of the component OpenAPI Endpoint. Such manipulation of the argument defaulttok...

6.3CVSS0.00327EPSS
Exploits0References6
NVD
NVD
added 2026/04/28 10:16 p.m.9 views

CVE-2026-7305

A weakness has been identified in Xuxueli xxl-job up to 3.3.2. The affected element is the function triggerJob of the file xxl-job-admin/src/main/java/com/xxl/job/admin/service/impl/XxlJobServiceImpl.java of the component trigger Endpoint. This manipulation of the argument addressList causes...

6.5CVSS0.00209EPSS
Exploits0References6
Rows per page
Query Builder