Vulnerabilities > Xuxueli

DATE CVE VULNERABILITY TITLE RISK
2024-08-15 CVE-2024-42681 Incorrect Default Permissions vulnerability in Xuxueli Xxl-Job 2.4.1
Insecure Permissions vulnerability in xxl-job v.2.4.1 allows a remote attacker to execute arbitrary code via the Sub-Task ID component.
network
low complexity
xuxueli CWE-276
8.8
2024-02-08 CVE-2024-24113 Server-Side Request Forgery (SSRF) vulnerability in Xuxueli Xxl-Job
xxl-job =< 2.4.1 has a Server-Side Request Forgery (SSRF) vulnerability, which causes low-privileged users to control executor to RCE.
network
low complexity
xuxueli CWE-918
8.8
2023-11-15 CVE-2023-48087 Incorrect Permission Assignment for Critical Resource vulnerability in Xuxueli Xxl-Job 2.4.0
xxl-job-admin 2.4.0 is vulnerable to Insecure Permissions via /xxl-job-admin/joblog/clearLog and /xxl-job-admin/joblog/logDetailCat.
network
low complexity
xuxueli CWE-732
5.4
2023-11-15 CVE-2023-48088 Cross-site Scripting vulnerability in Xuxueli Xxl-Job 2.4.0
xxl-job-admin 2.4.0 is vulnerable to Cross Site Scripting (XSS) via /xxl-job-admin/joblog/logDetailPage.
network
low complexity
xuxueli CWE-79
5.4
2023-11-15 CVE-2023-48089 Unspecified vulnerability in Xuxueli Xxl-Job 2.4.0
xxl-job-admin 2.4.0 is vulnerable to Remote Code Execution (RCE) via /xxl-job-admin/jobcode/save.
network
low complexity
xuxueli
8.8
2023-08-11 CVE-2020-24922 Cross-Site Request Forgery (CSRF) vulnerability in Xuxueli Xxl-Job 2.2.0
Cross Site Request Forgery (CSRF) vulnerability in xxl-job-admin/user/add in xuxueli xxl-job version 2.2.0, allows remote attackers to execute arbitrary code and esclate privileges via crafted .html file.
network
low complexity
xuxueli CWE-352
8.8
2023-05-26 CVE-2023-33779 Unspecified vulnerability in Xuxueli Xxl-Job 2.4.1
A lateral privilege escalation vulnerability in XXL-Job v2.4.1 allows users to execute arbitrary commands on another user's account via a crafted POST request to the component /jobinfo/.
network
low complexity
xuxueli
8.8
2023-04-10 CVE-2023-26120 Cross-site Scripting vulnerability in Xuxueli Xxl-Job
This affects all versions of the package com.xuxueli:xxl-job.
network
low complexity
xuxueli CWE-79
6.1
2023-03-21 CVE-2023-27087 Unspecified vulnerability in Xuxueli Xxl-Job 2.2.0/2.3.0/2.3.1
Permissions vulnerabiltiy found in Xuxueli xxl-job v2.2.0, v 2.3.0 and v.2.3.1 allows attacker to obtain sensitive information via the pageList parameter.
network
low complexity
xuxueli
7.5
2023-02-04 CVE-2023-0674 Cross-Site Request Forgery (CSRF) vulnerability in Xuxueli Xxl-Job 2.3.1
A vulnerability, which was classified as problematic, has been found in XXL-JOB 2.3.1.
network
low complexity
xuxueli CWE-352
6.5