Xuxueli: >> Xxl-Api Security Vulnerabilities
A stored cross-site scripting (XSS) in the Business Line Management module of Xxl-api v1.3.0 attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name parameter.
CVSS Score
6.1
EPSS Score
0.0
Published
2025-11-12
A Cross-Site Request Forgery (CSRF) in xxl-api v1.3.0 allows attackers to arbitrarily add users to the management module via a crafted GET request.
CVSS Score
6.5
EPSS Score
0.0
Published
2025-11-12