Xxl-job Security Vulnerabilities and Issues — Xxl-job CVE List

Lucene search

XuxueliXxl-job

3 matches found

CVE•added 2020/12/27 6:15 a.m.•98 views

CVE-2020-29204

XXL-JOB 2.2.0 allows Stored XSS (in Add User) to bypass the 20-character limit via xxl-job-admin/src/main/java/com/xxl/job/admin/controller/UserController.java.

6.1CVSS5.9AI score0.0028EPSS

CVE•added 2020/09/03 5:15 p.m.•51 views

CVE-2020-23811

xxl-job 2.2.0 allows Information Disclosure of username, model, and password via job/admin/controller/UserController.java.

7.5CVSS7.4AI score0.00316EPSS

CVE•added 2020/09/03 5:15 p.m.•40 views

CVE-2020-23814

Multiple cross-site scripting (XSS) vulnerabilities in xxl-job v2.2.0 allow remote attackers to inject arbitrary web script or HTML via (1) AppName and (2)AddressList parameter in JobGroupController.java file.

6.1CVSS6AI score0.00429EPSS