Vulnerabilities > Xuxueli
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-09-28 | CVE-2022-40929 | OS Command Injection vulnerability in Xuxueli Xxl-Job 2.2.0 XXL-JOB 2.2.0 has a Command execution vulnerability in background tasks. | 9.8 |
| 2022-06-03 | CVE-2022-29770 | Cross-site Scripting vulnerability in Xuxueli Xxl-Job 2.3.0 XXL-Job v2.3.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via /xxl-job-admin/jobinfo. | 3.5 |
| 2022-05-23 | CVE-2022-29002 | Cross-Site Request Forgery (CSRF) vulnerability in Xuxueli Xxl-Job 2.3.0 A Cross-Site Request Forgery (CSRF) in XXL-Job v2.3.0 allows attackers to arbitrarily create administrator accounts via the component /gaia-job-admin/user/add. | 6.8 |
| 2020-12-27 | CVE-2020-29204 | Cross-site Scripting vulnerability in Xuxueli Xxl-Job 2.2.0 XXL-JOB 2.2.0 allows Stored XSS (in Add User) to bypass the 20-character limit via xxl-job-admin/src/main/java/com/xxl/job/admin/controller/UserController.java. | 4.3 |
| 2020-09-03 | CVE-2020-23814 | Cross-site Scripting vulnerability in Xuxueli Xxl-Job 2.2.0 Multiple cross-site scripting (XSS) vulnerabilities in xxl-job v2.2.0 allow remote attackers to inject arbitrary web script or HTML via (1) AppName and (2)AddressList parameter in JobGroupController.java file. | 4.3 |
| 2020-09-03 | CVE-2020-23811 | Information Exposure vulnerability in Xuxueli Xxl-Job 2.2.0 xxl-job 2.2.0 allows Information Disclosure of username, model, and password via job/admin/controller/UserController.java. | 5.0 |
| 2018-12-12 | CVE-2018-20094 | Path Traversal vulnerability in Xuxueli Xxl-Conf 1.6.0 An issue was discovered in XXL-CONF 1.6.0. | 5.0 |