Cross-Site Scripting Vulnerabilities in XXL-JOB by Xuxueli
CVE-2020-23814

6.1MEDIUM

Key Information:

Vendor: Xuxueli
Status: Xxl-job
Vendor: CVE Published:; 3 September 2020

What is CVE-2020-23814?

The xxl-job software version 2.2.0 presents multiple cross-site scripting (XSS) vulnerabilities that allow remote attackers to execute arbitrary web scripts or HTML. This can occur through the manipulation of the AppName and AddressList parameters in the JobGroupController.java file. If exploited, these vulnerabilities could compromise the integrity and security of web applications using this job scheduling solution, enabling malicious actors to inject harmful scripts into the affected sites.

References

https://www.ccsq8.com/issues.html

x_refsource_MISC

https://github.com/xuxueli/xxl-job/issues/1866

x_refsource_MISC

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 3, 2020
Vulnerability Reserved
Aug 13, 2020