Shodan
Vulnerabilities
Vulnerable Software
Xuxueli:  >> Xxl-Job  Security Vulnerabilities
CVE-2024-42681
Insecure Permissions vulnerability in xxl-job v.2.4.1 allows a remote attacker to execute arbitrary code via the Sub-Task ID component.
CVSS Score
8.8
EPSS Score
0.008
Published
2024-08-15
CVE-2024-3366
A vulnerability classified as problematic was found in Xuxueli xxl-job up to 2.4.1. This vulnerability affects the function deserialize of the file com/xxl/job/core/util/JdkSerializeTool.java of the component Template Handler. The manipulation leads to injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259480.
CVSS Score
3.5
EPSS Score
0.001
Published
2024-04-06
CVE-2024-24113
xxl-job =< 2.4.1 has a Server-Side Request Forgery (SSRF) vulnerability, which causes low-privileged users to control executor to RCE.
CVSS Score
8.8
EPSS Score
0.001
Published
2024-02-08
CVE-2023-48087
xxl-job-admin 2.4.0 is vulnerable to Insecure Permissions via /xxl-job-admin/joblog/clearLog and /xxl-job-admin/joblog/logDetailCat.
CVSS Score
5.4
EPSS Score
0.001
Published
2023-11-15
CVE-2023-48088
xxl-job-admin 2.4.0 is vulnerable to Cross Site Scripting (XSS) via /xxl-job-admin/joblog/logDetailPage.
CVSS Score
5.4
EPSS Score
0.001
Published
2023-11-15
CVE-2023-48089
xxl-job-admin 2.4.0 is vulnerable to Remote Code Execution (RCE) via /xxl-job-admin/jobcode/save.
CVSS Score
8.8
EPSS Score
0.013
Published
2023-11-15
CVE-2020-24922
Cross Site Request Forgery (CSRF) vulnerability in xxl-job-admin/user/add in xuxueli xxl-job version 2.2.0, allows remote attackers to execute arbitrary code and esclate privileges via crafted .html file.
CVSS Score
8.8
EPSS Score
0.013
Published
2023-08-11
CVE-2023-33779
A lateral privilege escalation vulnerability in XXL-Job v2.4.1 allows users to execute arbitrary commands on another user's account via a crafted POST request to the component /jobinfo/.
CVSS Score
8.8
EPSS Score
0.001
Published
2023-05-26
CVE-2023-26120
This affects all versions of the package com.xuxueli:xxl-job. HTML uploaded payload executed successfully through /xxl-job-admin/user/add and /xxl-job-admin/user/update.
CVSS Score
5.4
EPSS Score
0.001
Published
2023-04-10
CVE-2023-27087
Permissions vulnerabiltiy found in Xuxueli xxl-job v2.2.0, v 2.3.0 and v.2.3.1 allows attacker to obtain sensitive information via the pageList parameter.
CVSS Score
7.5
EPSS Score
0.001
Published
2023-03-21


Products
Pricing
Contact Us

Shodan ® - All rights reserved