Cross-Site Request Forgery (CSRF)

2023-02-0906:27:10

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

xxl-job

csrf

vulnerability

password modification

validation missing

attacker

0.001 Low

EPSS

Percentile

31.0%

JSON

xxl-job is vulnerable to Cross-Site Request Forgery (CSRF). The vulnerability exists due to a lack of validation in updatePwd which allows an attacker to modify any user passwords.

CPENameOperatorVersion
xxl-joble2.3.1
xxl-joble2.3.1

CPE	Name	Operator	Version
	xxl-job	le	2.3.1
	xxl-job	le	2.3.1

References

github.com/advisories/GHSA-pv4m-h859-jwmq

github.com/boyi0508/xxl-job-explain/blob/main/README.md

vuldb.com/?ctiid.220196

vuldb.com/?id.220196

0.001 Low

EPSS

Percentile

31.0%

JSON

Related for VERACODE:39177