Vulnerabilities > Xuxueli > XXL JOB > 2.2.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-02-08 | CVE-2024-24113 | Server-Side Request Forgery (SSRF) vulnerability in Xuxueli Xxl-Job xxl-job =< 2.4.1 has a Server-Side Request Forgery (SSRF) vulnerability, which causes low-privileged users to control executor to RCE. | 8.8 |
| 2023-08-11 | CVE-2020-24922 | Cross-Site Request Forgery (CSRF) vulnerability in Xuxueli Xxl-Job 2.2.0 Cross Site Request Forgery (CSRF) vulnerability in xxl-job-admin/user/add in xuxueli xxl-job version 2.2.0, allows remote attackers to execute arbitrary code and esclate privileges via crafted .html file. | 8.8 |
| 2023-03-21 | CVE-2023-27087 | Unspecified vulnerability in Xuxueli Xxl-Job 2.2.0/2.3.0/2.3.1 Permissions vulnerabiltiy found in Xuxueli xxl-job v2.2.0, v 2.3.0 and v.2.3.1 allows attacker to obtain sensitive information via the pageList parameter. | 7.5 |
| 2022-11-17 | CVE-2022-43183 | Server-Side Request Forgery (SSRF) vulnerability in Xuxueli Xxl-Job XXL-Job before v2.3.1 contains a Server-Side Request Forgery (SSRF) via the component /admin/controller/JobLogController.java. | 8.8 |
| 2022-09-28 | CVE-2022-40929 | OS Command Injection vulnerability in Xuxueli Xxl-Job 2.2.0 XXL-JOB 2.2.0 has a Command execution vulnerability in background tasks. | 9.8 |
| 2022-08-19 | CVE-2022-36157 | Improper Privilege Management vulnerability in Xuxueli Xxl-Job XXL-JOB all versions as of 11 July 2022 are vulnerable to Insecure Permissions resulting in the ability to execute admin function with low Privilege account. | 8.8 |
| 2020-12-27 | CVE-2020-29204 | Cross-site Scripting vulnerability in Xuxueli Xxl-Job 2.2.0 XXL-JOB 2.2.0 allows Stored XSS (in Add User) to bypass the 20-character limit via xxl-job-admin/src/main/java/com/xxl/job/admin/controller/UserController.java. | 6.1 |
| 2020-09-03 | CVE-2020-23814 | Cross-site Scripting vulnerability in Xuxueli Xxl-Job 2.2.0 Multiple cross-site scripting (XSS) vulnerabilities in xxl-job v2.2.0 allow remote attackers to inject arbitrary web script or HTML via (1) AppName and (2)AddressList parameter in JobGroupController.java file. | 6.1 |
| 2020-09-03 | CVE-2020-23811 | Unspecified vulnerability in Xuxueli Xxl-Job 2.2.0 xxl-job 2.2.0 allows Information Disclosure of username, model, and password via job/admin/controller/UserController.java. | 7.5 |