RSS   Vulnerabilities for 'Xxl-job'   RSS

2020-12-27
 
CVE-2020-29204

CWE-79
 

 
XXL-JOB 2.2.0 allows Stored XSS (in Add User) to bypass the 20-character limit via xxl-job-admin/src/main/java/com/xxl/job/admin/controller/UserController.java.

 
2020-09-03
 
CVE-2020-23814

CWE-79
 

 
Multiple cross-site scripting (XSS) vulnerabilities in xxl-job v2.2.0 allow remote attackers to inject arbitrary web script or HTML via (1) AppName and (2)AddressList parameter in JobGroupController.java file.

 
 
CVE-2020-23811

CWE-200
 

 
xxl-job 2.2.0 allows Information Disclosure of username, model, and password via job/admin/controller/UserController.java.

 

 >>> Vendor: Xuxueli 2 Products
Xxl-conf
Xxl-job


Copyright 2024, cxsecurity.com

 

Back to Top