Vulnerabilities > Xuxueli

DATE CVE VULNERABILITY TITLE RISK
2022-11-17 CVE-2022-43183 Server-Side Request Forgery (SSRF) vulnerability in Xuxueli Xxl-Job
XXL-Job before v2.3.1 contains a Server-Side Request Forgery (SSRF) via the component /admin/controller/JobLogController.java.
network
low complexity
xuxueli CWE-918
8.8
2022-09-28 CVE-2022-40929 OS Command Injection vulnerability in Xuxueli Xxl-Job 2.2.0
XXL-JOB 2.2.0 has a Command execution vulnerability in background tasks.
network
low complexity
xuxueli CWE-78
critical
9.8
2022-08-19 CVE-2022-36157 Improper Privilege Management vulnerability in Xuxueli Xxl-Job
XXL-JOB all versions as of 11 July 2022 are vulnerable to Insecure Permissions resulting in the ability to execute admin function with low Privilege account.
network
low complexity
xuxueli CWE-269
8.8
2022-06-03 CVE-2022-29770 Cross-site Scripting vulnerability in Xuxueli Xxl-Job 2.3.0
XXL-Job v2.3.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via /xxl-job-admin/jobinfo.
network
low complexity
xuxueli CWE-79
5.4
2022-05-23 CVE-2022-29002 Cross-Site Request Forgery (CSRF) vulnerability in Xuxueli Xxl-Job 2.3.0
A Cross-Site Request Forgery (CSRF) in XXL-Job v2.3.0 allows attackers to arbitrarily create administrator accounts via the component /gaia-job-admin/user/add.
network
low complexity
xuxueli CWE-352
8.8
2020-12-27 CVE-2020-29204 Cross-site Scripting vulnerability in Xuxueli Xxl-Job 2.2.0
XXL-JOB 2.2.0 allows Stored XSS (in Add User) to bypass the 20-character limit via xxl-job-admin/src/main/java/com/xxl/job/admin/controller/UserController.java.
network
low complexity
xuxueli CWE-79
6.1
2020-09-03 CVE-2020-23814 Cross-site Scripting vulnerability in Xuxueli Xxl-Job 2.2.0
Multiple cross-site scripting (XSS) vulnerabilities in xxl-job v2.2.0 allow remote attackers to inject arbitrary web script or HTML via (1) AppName and (2)AddressList parameter in JobGroupController.java file.
network
low complexity
xuxueli CWE-79
6.1
2020-09-03 CVE-2020-23811 Unspecified vulnerability in Xuxueli Xxl-Job 2.2.0
xxl-job 2.2.0 allows Information Disclosure of username, model, and password via job/admin/controller/UserController.java.
network
low complexity
xuxueli
7.5
2018-12-12 CVE-2018-20094 Path Traversal vulnerability in Xuxueli Xxl-Conf 1.6.0
An issue was discovered in XXL-CONF 1.6.0.
network
low complexity
xuxueli CWE-22
7.5