Stored XSS Vulnerability in XXL-JOB Affects User Management Functionality
CVE-2020-29204

6.1 MEDIUM

Key Information:

Vendor: Xuxueli

Status
Vendor
CVE Published: 27 December 2020

What is CVE-2020-29204?

XXL-JOB version 2.2.0 is susceptible to stored Cross-Site Scripting (XSS), specifically in the Add User feature. An attacker can exploit this flaw to inject malicious scripts, bypassing the system's existing 20-character input restriction. Because the injected script is stored, it may lead to the execution of arbitrary code in the context of other users accessing the affected application. Security measures should be taken to address this vulnerability and mitigate potential attacks.

CVSS V3.1

Score: 6.1
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
