Xxl-job Security Vulnerabilities and Issues — Xxl-job CVE List

Lucene search

XuxueliXxl-job

5 matches found

CVE•added 2020/12/27 6:15 a.m.•100 views

CVE-2020-29204

XXL-JOB 2.2.0 allows Stored XSS (in Add User) to bypass the 20-character limit via xxl-job-admin/src/main/java/com/xxl/job/admin/controller/UserController.java.

6.1CVSS5.9AI score0.0028EPSS

CVE•added 2023/02/04 8:15 a.m.•49 views

CVE-2023-0674

A vulnerability, which was classified as problematic, has been found in XXL-JOB 2.3.1. Affected by this issue is some unknown functionality of the file /user/updatePwd of the component New Password Handler. The manipulation leads to cross-site request forgery. The attack may be launched remotely. T...

6.5CVSS5.3AI score0.00053EPSS

CVE•added 2020/09/03 5:15 p.m.•43 views

CVE-2020-23814

Multiple cross-site scripting (XSS) vulnerabilities in xxl-job v2.2.0 allow remote attackers to inject arbitrary web script or HTML via (1) AppName and (2)AddressList parameter in JobGroupController.java file.

6.1CVSS6AI score0.01905EPSS

CVE•added 2023/04/10 5:15 a.m.•32 views

CVE-2023-26120

This affects all versions of the package com.xuxueli:xxl-job. HTML uploaded payload executed successfully through /xxl-job-admin/user/add and /xxl-job-admin/user/update.

6.1CVSS6.2AI score0.00122EPSS

CVE•added 2025/07/18 4:15 p.m.•7 views

CVE-2025-7789

A vulnerability was found in Xuxueli xxl-job up to 3.1.1 and classified as problematic. Affected by this issue is the function makeToken of the file src/main/java/com/xxl/job/admin/controller/IndexController.java of the component Token Generation. The manipulation leads to password hash with insuff...

6.3CVSS4.4AI score0.00019EPSS