Advisories for Maven/Com.xuxueli/Xxl-Job-Admin package

2023

xxl-job-admin vulnerable to Insecure Permissions

xxl-job-admin 2.4.0 is vulnerable to Insecure Permissions via /xxl-job-admin/joblog/clearLog and /xxl-job-admin/joblog/logDetailCat.

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

xxl-job-admin 2.4.0 is vulnerable to Remote Code Execution (RCE) via /xxl-job-admin/jobcode/save.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

xxl-job-admin 2.4.0 is vulnerable to Cross Site Scripting (XSS) via /xxl-job-admin/joblog/logDetailPage.