com.xuxueli:xxl-job-core

vulnerable: 1.4.1 ... 2.2.0 (24 versions)

XXL-JOB 2.2.0 allows Stored XSS (in Add User) to bypass the 20-character limit via xxl-job-admin/src/main/java/com/xxl/job/admin/controller/UserController.java.

vulnerable: 1.4.1 ... 2.2.0 (24 versions)

XXL-JOB 2.2.0 has a Command execution vulnerability in background tasks. NOTE: this is disputed because the issues/4929 report is about an intended and supported use case (running arbitrary Bash scripts on behalf of users).

vulnerable: 1.4.1 ... 2.3.1 (26 versions)

XXL-Job before v2.3.1 contains a Server-Side Request Forgery (SSRF) via the component /admin/controller/JobLogController.java.

vulnerable: 1.4.1 ... 2.4.0 (27 versions)

A vulnerability classified as problematic was found in Xuxueli xxl-job up to 2.4.1. This vulnerability affects the function deserialize of the file com/xxl/job/core/util/JdkSerializeTool.java of the component Template Handler. The manipula…

vulnerable: 1.4.1 ... 2.4.1 (28 versions)

Insecure Permissions vulnerability in xxl-job v.2.4.1 allows a remote attacker to execute arbitrary code via the Sub-Task ID component.

vulnerable: 1.4.1 ... 3.1.1 (33 versions)

A vulnerability, which was classified as critical, was found in Xuxueli xxl-job up to 3.1.1. Affected is the function httpJobHandler of the file src\main\java\com\xxl\job\executor\service\jobhandler\SampleXxlJob.java. The manipulation lead…