Xxl-job@2.2.0 Security Vulnerabilities and Issues — Xxl-job@2.2.0 CVE List

Lucene search

XuxueliXxl-job2.2.0

6 matches found

CVE•added 2022/09/28 6:15 p.m.•101 views

CVE-2022-40929

XXL-JOB 2.2.0 has a Command execution vulnerability in background tasks. NOTE: this is disputed because the issues/4929 report is about an intended and supported use case (running arbitrary Bash scripts on behalf of users).

9.8CVSS9.6AI score0.00188EPSS

CVE•added 2020/12/27 6:15 a.m.•98 views

CVE-2020-29204

XXL-JOB 2.2.0 allows Stored XSS (in Add User) to bypass the 20-character limit via xxl-job-admin/src/main/java/com/xxl/job/admin/controller/UserController.java.

6.1CVSS5.9AI score0.00236EPSS

CVE•added 2023/03/21 7:15 p.m.•93 views

CVE-2023-27087

Permissions vulnerabiltiy found in Xuxueli xxl-job v2.2.0, v 2.3.0 and v.2.3.1 allows attacker to obtain sensitive information via the pageList parameter.

7.5CVSS7.2AI score0.00068EPSS

CVE•added 2020/09/03 5:15 p.m.•51 views

CVE-2020-23811

xxl-job 2.2.0 allows Information Disclosure of username, model, and password via job/admin/controller/UserController.java.

7.5CVSS7.4AI score0.00316EPSS

CVE•added 2020/09/03 5:15 p.m.•40 views

CVE-2020-23814

Multiple cross-site scripting (XSS) vulnerabilities in xxl-job v2.2.0 allow remote attackers to inject arbitrary web script or HTML via (1) AppName and (2)AddressList parameter in JobGroupController.java file.

6.1CVSS6AI score0.00429EPSS

CVE•added 2023/08/11 2:15 p.m.•31 views

CVE-2020-24922

Cross Site Request Forgery (CSRF) vulnerability in xxl-job-admin/user/add in xuxueli xxl-job version 2.2.0, allows remote attackers to execute arbitrary code and esclate privileges via crafted .html file.

8.8CVSS9.1AI score0.01345EPSS