CVE-2020-29204: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

October 12, 2021

XXL-JOB 2.2.0 allows Stored XSS (in Add User) to bypass the 20-character limit via xxl-job-admin/src/main/java/com/xxl/job/admin/controller/UserController.java.

References

github.com/advisories/GHSA-wc73-w5r9-x9pc
github.com/xuxueli/xxl-job/commit/227628567354d3c156951009d683c6fec3006e0e
github.com/xuxueli/xxl-job/issues/2083
nvd.nist.gov/vuln/detail/CVE-2020-29204

Detect and mitigate CVE-2020-29204 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →