GHSA-4j2p-x79m-jcj8: XXL-JOB vulnerable to Cross-site Scripting

XXL-JOB (com.xuxueli:xxl-job) versions 2.4.0 and earlier are vulnerable to cross-site scripting (XSS). An uploaded HTML payload is executed successfully through /xxl-job-admin/user/add and /xxl-job-admin/user/update.

Moderate severity • GitHub Reviewed • Published Apr 10, 2023 to the GitHub Advisory Database • Updated Apr 10, 2023

Related news

CVE-2023-26120: Snyk Vulnerability Database | Snyk

This affects all versions of the package com.xuxueli:xxl-job. An uploaded HTML payload is executed successfully through /xxl-job-admin/user/add and /xxl-job-admin/user/update.