Known Vulnerabilities for products from Xuxueli
Listed below are 17 of the newest known vulnerabilities associated with the vendor "Xuxueli".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-3733 json | Not Provided | 2026-03-08 | 2026-03-11 | |
| CVE-2023-48089 json | 8.8 - HIGH | 2023-11-15 | 2023-11-21 | |
| CVE-2023-48088 json | 5.4 - MEDIUM | 2023-11-15 | 2023-11-21 | |
| CVE-2023-48087 json | 5.4 - MEDIUM | 2023-11-15 | 2023-11-21 | |
| CVE-2023-33779 json | A lateral privilege escalation vulnerability in XXL-Job v2.4.1 allows users to execute arbitrary commands on another user's a... | 8.8 - HIGH | 2023-05-26 | 2023-06-02 |
| CVE-2023-27087 json | Permissions vulnerabiltiy found in Xuxueli xxl-job v2.2.0, v 2.3.0 and v.2.3.1 allows attacker to obtain sensitive informatio... | 7.5 - HIGH | 2023-03-21 | 2023-03-24 |
| CVE-2023-26120 json | This affects all versions of the package com.xuxueli:xxl-job. HTML uploaded payload executed successfully through /xxl-job-ad... | 6.1 - MEDIUM | 2023-04-10 | 2023-11-07 |
| CVE-2023-0674 json | A vulnerability, which was classified as problematic, has been found in XXL-JOB 2.3.1. Affected by this issue is some unknown... | 6.5 - MEDIUM | 2023-02-04 | 2023-11-07 |
| CVE-2022-43183 json | XXL-Job before v2.3.1 contains a Server-Side Request Forgery (SSRF) via the component /admin/controller/JobLogController.java... | 8.8 - HIGH | 2022-11-17 | 2022-11-21 |
| CVE-2022-40929 json | XXL-JOB 2.2.0 has a Command execution vulnerability in background tasks. | 9.8 - CRITICAL | 2022-09-28 | 2023-08-08 |
| CVE-2022-36157 json | XXL-JOB all versions as of 11 July 2022 are vulnerable to Insecure Permissions resulting in the ability to execute admin func... | 8.8 - HIGH | 2022-08-19 | 2022-08-23 |
| CVE-2022-29770 json | XXL-Job v2.3.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via /xxl-job-admin/jobinfo. | 5.4 - MEDIUM | 2022-06-03 | 2022-06-13 |
| CVE-2022-29002 json | A Cross-Site Request Forgery (CSRF) in XXL-Job v2.3.0 allows attackers to arbitrarily create administrator accounts via the c... | 8.8 - HIGH | 2022-05-23 | 2022-06-07 |
| CVE-2020-29204 json | XXL-JOB 2.2.0 allows Stored XSS (in Add User) to bypass the 20-character limit via xxl-job-admin/src/main/java/com/xxl/job/ad... | 6.1 - MEDIUM | 2020-12-27 | 2020-12-29 |
| CVE-2020-24922 json | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 8.8 - HIGH | 2023-08-11 | 2023-08-17 |
| CVE-2020-23814 json | Multiple cross-site scripting (XSS) vulnerabilities in xxl-job v2.2.0 allow remote attackers to inject arbitrary web script o... | 6.1 - MEDIUM | 2020-09-03 | 2020-09-04 |
| CVE-2020-23811 json | xxl-job 2.2.0 allows Information Disclosure of username, model, and password via job/admin/controller/UserController.java. | 7.5 - HIGH | 2020-09-03 | 2021-07-21 |
| CVE-2018-20094 json | An issue was discovered in XXL-CONF 1.6.0. There is a path traversal vulnerability via ../ in the keys parameter that can dow... | 7.5 - HIGH | 2018-12-12 | 2019-01-04 |