Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Xxl\-Job
(Xuxueli)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 17 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2022-11-17 | CVE-2022-43183 | XXL-Job before v2.3.1 contains a Server-Side Request Forgery (SSRF) via the component /admin/controller/JobLogController.java. | Xxl\-Job | 8.8 | ||
| 2022-08-19 | CVE-2022-36157 | XXL-JOB all versions as of 11 July 2022 are vulnerable to Insecure Permissions resulting in the ability to execute admin function with low Privilege account. | Xxl\-Job | 8.8 | ||
| 2022-06-03 | CVE-2022-29770 | XXL-Job v2.3.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via /xxl-job-admin/jobinfo. | Xxl\-Job | 5.4 | ||
| 2022-05-23 | CVE-2022-29002 | A Cross-Site Request Forgery (CSRF) in XXL-Job v2.3.0 allows attackers to arbitrarily create administrator accounts via the component /gaia-job-admin/user/add. | Xxl\-Job | 8.8 | ||
| 2020-09-03 | CVE-2020-23811 | xxl-job 2.2.0 allows Information Disclosure of username, model, and password via job/admin/controller/UserController.java. | Xxl\-Job | 7.5 | ||
| 2020-12-27 | CVE-2020-29204 | XXL-JOB 2.2.0 allows Stored XSS (in Add User) to bypass the 20-character limit via xxl-job-admin/src/main/java/com/xxl/job/admin/controller/UserController.java. | Xxl\-Job | 6.1 | ||
| 2020-09-03 | CVE-2020-23814 | Multiple cross-site scripting (XSS) vulnerabilities in xxl-job v2.2.0 allow remote attackers to inject arbitrary web script or HTML via (1) AppName and (2)AddressList parameter in JobGroupController.java file. | Xxl\-Job | N/A |