Vulnerabilities > Xuxueli > XXL JOB > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-11-15 | CVE-2023-48087 | Incorrect Permission Assignment for Critical Resource vulnerability in Xuxueli Xxl-Job 2.4.0 xxl-job-admin 2.4.0 is vulnerable to Insecure Permissions via /xxl-job-admin/joblog/clearLog and /xxl-job-admin/joblog/logDetailCat. | 5.4 |
| 2023-11-15 | CVE-2023-48088 | Cross-site Scripting vulnerability in Xuxueli Xxl-Job 2.4.0 xxl-job-admin 2.4.0 is vulnerable to Cross Site Scripting (XSS) via /xxl-job-admin/joblog/logDetailPage. | 5.4 |
| 2023-04-10 | CVE-2023-26120 | Cross-site Scripting vulnerability in Xuxueli Xxl-Job This affects all versions of the package com.xuxueli:xxl-job. | 6.1 |
| 2023-02-04 | CVE-2023-0674 | Unspecified vulnerability in Xuxueli Xxl-Job 2.3.1 A vulnerability, which was classified as problematic, has been found in XXL-JOB 2.3.1. | 6.5 |
| 2022-06-03 | CVE-2022-29770 | Cross-site Scripting vulnerability in Xuxueli Xxl-Job 2.3.0 XXL-Job v2.3.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via /xxl-job-admin/jobinfo. | 5.4 |
| 2020-12-27 | CVE-2020-29204 | Cross-site Scripting vulnerability in Xuxueli Xxl-Job 2.2.0 XXL-JOB 2.2.0 allows Stored XSS (in Add User) to bypass the 20-character limit via xxl-job-admin/src/main/java/com/xxl/job/admin/controller/UserController.java. | 6.1 |
| 2020-09-03 | CVE-2020-23814 | Cross-site Scripting vulnerability in Xuxueli Xxl-Job 2.2.0 Multiple cross-site scripting (XSS) vulnerabilities in xxl-job v2.2.0 allow remote attackers to inject arbitrary web script or HTML via (1) AppName and (2)AddressList parameter in JobGroupController.java file. | 6.1 |