com.xuxueli:xxl-job
Maven · 11 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting com.xuxueli:xxl-job
- CVE-2020-23811 | HIGH | CVSS 7.5 | EG 7.5 | 2020-09-03
vulnerable: 1.4.1 ... 2.2.0 (24 versions)
xxl-job 2.2.0 allows Information Disclosure of username, model, and password via job/admin/controller/UserController.java.
- CVE-2020-23814 | MEDIUM | CVSS 6.1 | EG 6.1 | ✓ Fixed in 2.3.0 | 2020-09-03
vulnerable: 1.4.1 ... 2.2.0 (24 versions)
Multiple cross-site scripting (XSS) vulnerabilities in xxl-job v2.2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) AppName and (2) AddressList parameters in the JobGroupController.java file.
- CVE-2020-24922 | HIGH | CVSS 8.8 | EG 8.8 | 2023-08-11
vulnerable: 1.4.1 ... 2.2.0 (24 versions)
Cross-Site Request Forgery (CSRF) vulnerability in xxl-job-admin/user/add in xuxueli xxl-job version 2.2.0 allows remote attackers to execute arbitrary code and escalate privileges via a crafted .html file.
- CVE-2022-29002 | HIGH | CVSS 8.8 | EG 8.8 | 2022-05-23
vulnerable: 1.4.1 ... 2.3.0 (25 versions)
A Cross-Site Request Forgery (CSRF) in XXL-Job v2.3.0 allows attackers to arbitrarily create administrator accounts via the component /gaia-job-admin/user/add.
- CVE-2022-29770 | MEDIUM | CVSS 5.4 | EG 5.4 | 2022-06-03
vulnerable: 1.4.1 ... 2.3.1 (26 versions)
XXL-Job v2.3.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via /xxl-job-admin/jobinfo.
- CVE-2022-36157 | HIGH | CVSS 8.8 | EG 8.8 | ✓ Fixed in 2.4.0 | 2022-08-19
vulnerable: 1.4.1 ... 2.3.1 (26 versions)
All XXL-JOB versions as of 11 July 2022 are vulnerable to Insecure Permissions, resulting in the ability to execute admin functions with a low-privilege account.
- CVE-2023-0674 | MEDIUM | CVSS 4.3 | EG 6.5 | 2023-02-04
vulnerable: 1.4.1 ... 2.3.1 (26 versions)
A vulnerability, which was classified as problematic, has been found in XXL-JOB 2.3.1. Affected by this issue is some unknown functionality of the file /user/updatePwd of the component New Password Handler. The manipulation leads to cross-…
- CVE-2023-26120 | MEDIUM | CVSS 5.4 | EG 6.1 | 2023-04-10
vulnerable: 1.4.1 ... 2.4.0 (27 versions)
This affects all versions of the package com.xuxueli:xxl-job. HTML uploaded payload executed successfully through /xxl-job-admin/user/add and /xxl-job-admin/user/update.
- CVE-2023-27087 | HIGH | CVSS 7.5 | EG 7.5 | 2023-03-21
vulnerable: 2.2.0, 2.3.0, 2.3.1
Permissions vulnerability found in Xuxueli xxl-job v2.2.0, v2.3.0 and v2.3.1 allows an attacker to obtain sensitive information via the pageList parameter.
- CVE-2023-33779 | HIGH | CVSS 8.8 | EG 8.8 | 2023-05-26
vulnerable: 1.4.1 ... 2.4.1 (28 versions)
A lateral privilege escalation vulnerability in XXL-Job v2.4.1 allows users to execute arbitrary commands on another user's account via a crafted POST request to the component /jobinfo/.
- CVE-2024-24113 | HIGH | CVSS 8.8 | EG 8.8 | 2024-02-08
vulnerable: 1.4.1 ... 2.4.2 (29 versions)
xxl-job <= 2.4.1 has a Server-Side Request Forgery (SSRF) vulnerability that lets low-privileged users control the executor, leading to RCE.