Vulnerabilities > Xuxueli > XXL JOB > 2.4.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-02-08 | CVE-2024-24113 | Server-Side Request Forgery (SSRF) vulnerability in Xuxueli Xxl-Job xxl-job =< 2.4.1 has a Server-Side Request Forgery (SSRF) vulnerability, which causes low-privileged users to control executor to RCE. | 8.8 |
| 2023-11-15 | CVE-2023-48087 | Incorrect Permission Assignment for Critical Resource vulnerability in Xuxueli Xxl-Job 2.4.0 xxl-job-admin 2.4.0 is vulnerable to Insecure Permissions via /xxl-job-admin/joblog/clearLog and /xxl-job-admin/joblog/logDetailCat. | 5.4 |
| 2023-11-15 | CVE-2023-48088 | Cross-site Scripting vulnerability in Xuxueli Xxl-Job 2.4.0 xxl-job-admin 2.4.0 is vulnerable to Cross Site Scripting (XSS) via /xxl-job-admin/joblog/logDetailPage. | 5.4 |
| 2023-11-15 | CVE-2023-48089 | Unspecified vulnerability in Xuxueli Xxl-Job 2.4.0 xxl-job-admin 2.4.0 is vulnerable to Remote Code Execution (RCE) via /xxl-job-admin/jobcode/save. | 8.8 |