Vulnerabilities > Xuxueli > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-11-15 CVE-2023-48087 Incorrect Permission Assignment for Critical Resource vulnerability in Xuxueli Xxl-Job 2.4.0
xxl-job-admin 2.4.0 is vulnerable to Insecure Permissions via /xxl-job-admin/joblog/clearLog and /xxl-job-admin/joblog/logDetailCat.
network
low complexity
xuxueli CWE-732
5.4
2023-11-15 CVE-2023-48088 Cross-site Scripting vulnerability in Xuxueli Xxl-Job 2.4.0
xxl-job-admin 2.4.0 is vulnerable to Cross Site Scripting (XSS) via /xxl-job-admin/joblog/logDetailPage.
network
low complexity
xuxueli CWE-79
5.4
2023-04-10 CVE-2023-26120 Cross-site Scripting vulnerability in Xuxueli Xxl-Job
This affects all versions of the package com.xuxueli:xxl-job.
network
low complexity
xuxueli CWE-79
6.1
2023-02-04 CVE-2023-0674 Cross-Site Request Forgery (CSRF) vulnerability in Xuxueli Xxl-Job 2.3.1
A vulnerability, which was classified as problematic, has been found in XXL-JOB 2.3.1.
network
low complexity
xuxueli CWE-352
6.5
2022-05-23 CVE-2022-29002 Cross-Site Request Forgery (CSRF) vulnerability in Xuxueli Xxl-Job 2.3.0
A Cross-Site Request Forgery (CSRF) in XXL-Job v2.3.0 allows attackers to arbitrarily create administrator accounts via the component /gaia-job-admin/user/add.
network
xuxueli CWE-352
6.8
2020-12-27 CVE-2020-29204 Cross-site Scripting vulnerability in Xuxueli Xxl-Job 2.2.0
XXL-JOB 2.2.0 allows Stored XSS (in Add User) to bypass the 20-character limit via xxl-job-admin/src/main/java/com/xxl/job/admin/controller/UserController.java.
network
xuxueli CWE-79
4.3
2020-09-03 CVE-2020-23814 Cross-site Scripting vulnerability in Xuxueli Xxl-Job 2.2.0
Multiple cross-site scripting (XSS) vulnerabilities in xxl-job v2.2.0 allow remote attackers to inject arbitrary web script or HTML via (1) AppName and (2)AddressList parameter in JobGroupController.java file.
network
xuxueli CWE-79
4.3
2020-09-03 CVE-2020-23811 Information Exposure vulnerability in Xuxueli Xxl-Job 2.2.0
xxl-job 2.2.0 allows Information Disclosure of username, model, and password via job/admin/controller/UserController.java.
network
low complexity
xuxueli CWE-200
5.0
2018-12-12 CVE-2018-20094 Path Traversal vulnerability in Xuxueli Xxl-Conf 1.6.0
An issue was discovered in XXL-CONF 1.6.0.
network
low complexity
xuxueli CWE-22
5.0