Security
Headlines
HeadlinesLatestCVEs

Headline

GHSA-jp5r-4x9q-4vcf: xuxueli xxl-job Cross-Site Request Forgery Vulnerability

Cross Site Request Forgery (CSRF) vulnerability in xxl-job-admin/user/add in xuxueli xxl-job version 2.2.0 allows remote attackers to execute arbitrary code and esclate privileges via crafted .html file.

ghsa
Open in Source
#csrf#vulnerability#git#java#maven
  1. GitHub Advisory Database
  2. GitHub Reviewed
  3. CVE-2020-24922

xuxueli xxl-job Cross-Site Request Forgery Vulnerability

Moderate severity GitHub Reviewed Published Aug 11, 2023 to the GitHub Advisory Database • Updated Aug 11, 2023

Package

maven com.xuxueli:xxl-job (Maven)

Affected versions

<= 2.2.0

Published to the GitHub Advisory Database

Aug 11, 2023

Last updated

Aug 11, 2023

Related news

CVE-2020-24922: There is a CSRF vulnerability that can add the administrator account · Issue #1921 · xuxueli/xxl-job

Cross Site Request Forgery (CSRF) vulnerability in xxl-job-admin/user/add in xuxueli xxl-job version 2.2.0, allows remote attackers to execute arbitrary code and esclate privileges via crafted .html file.

ghsa: Latest News

GHSA-pj33-75x5-32j4: RabbitMQ HTTP API's queue deletion endpoint does not verify that the user has a required permission
ghsa