Latest xuxueli xxl-job Vulnerabilities

xxl-job <= 2.4.0 has a Server-Side Request Forgery (SSRF) vulnerability that allows low-privileged users to control the executor and achieve remote code execution (RCE).
maven/com.xuxueli:xxl-job<=2.4.0
xuxueli xxl-job<=2.4.1
xxl-job-admin 2.4.0 is vulnerable to Remote Code Execution (RCE) via /xxl-job-admin/jobcode/save.
xuxueli xxl-job=2.4.0
maven/com.xuxueli:xxl-job-admin<=2.4.0
xxl-job-admin 2.4.0 is vulnerable to Insecure Permissions via /xxl-job-admin/joblog/clearLog and /xxl-job-admin/joblog/logDetailCat.
xuxueli xxl-job=2.4.0
maven/com.xuxueli:xxl-job-admin<=2.4.0
xxl-job-admin 2.4.0 is vulnerable to Cross Site Scripting (XSS) via /xxl-job-admin/joblog/logDetailPage.
xuxueli xxl-job=2.4.0
maven/com.xuxueli:xxl-job-admin<=2.4.0
Cross Site Request Forgery (CSRF) vulnerability in xxl-job-admin/user/add in xuxueli xxl-job version 2.2.0 allows remote attackers to execute arbitrary code and escalate privileges via crafted .html f...
xuxueli xxl-job=2.2.0
maven/com.xuxueli:xxl-job<=2.2.0
A lateral privilege escalation vulnerability in XXL-Job v2.4.1 allows users to execute arbitrary commands on another user's account via a crafted POST request to the component /jobinfo/.
xuxueli xxl-job=2.4.1
This affects all versions of the package com.xuxueli:xxl-job. HTML uploaded payload executed successfully through /xxl-job-admin/user/add and /xxl-job-admin/user/update.
xuxueli xxl-job
Permissions vulnerability found in Xuxueli xxl-job v2.2.0, v2.3.0 and v2.3.1 allows an attacker to obtain sensitive information via the pageList parameter.
xuxueli xxl-job=2.2.0
xuxueli xxl-job=2.3.0
xuxueli xxl-job=2.3.1
XXL-JOB New Password updatePwd cross-site request forgery
xuxueli xxl-job=2.3.1
=2.3.1
XXL-Job before v2.3.1 contains a Server-Side Request Forgery (SSRF) via the component /admin/controller/JobLogController.java.
xuxueli xxl-job<=2.3.1
maven/com.xuxueli:xxl-job-core<2.3.1
XXL-JOB 2.2.0 has a Command execution vulnerability in background tasks.
xuxueli xxl-job=2.2.0
XXL-JOB all versions as of 11 July 2022 are vulnerable to Insecure Permissions, resulting in the ability to execute admin functions with a low-privilege account.
xuxueli xxl-job<=2.3.1
maven/com.xuxueli:xxl-job<=2.3.1
XXL-Job v2.3.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via /xxl-job-admin/jobinfo.
xuxueli xxl-job=2.3.0
A Cross-Site Request Forgery (CSRF) in XXL-Job v2.3.0 allows attackers to arbitrarily create administrator accounts via the component /gaia-job-admin/user/add.
xuxueli xxl-job=2.3.0
XXL-JOB 2.2.0 allows Stored XSS (in Add User) to bypass the 20-character limit via xxl-job-admin/src/main/java/com/xxl/job/admin/controller/UserController.java.
xuxueli xxl-job=2.2.0
Multiple cross-site scripting (XSS) vulnerabilities in xxl-job v2.2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) AppName and (2) AddressList parameters in JobGroupController.j...
xuxueli xxl-job=2.2.0
maven/com.xuxueli:xxl-job<2.3.0
