CVE-2020-23814
Published 2020-09-03
Priority: P277 · Severity: medium · CVSS 3.1 base score: 6.1
Vector: AV:N / AC:L / PR:N / UI:R / S:C / C:L / I:L / A:N
Tags: ITW · EXPLOIT · VulnCheck KEV
Exploited in the wild
EPSS: 1.19% (64.0th percentile)
Multiple cross-site scripting (XSS) vulnerabilities in xxl-job v2.2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) AppName and (2) AddressList parameters handled in the JobGroupController.java file.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| xuxueli | xxl-job | — | — |
Detection & IOCs (extracted from sources)
- Detect exploitation attempts by monitoring POST requests to /xxl-job-admin/jobgroup/save containing XSS payloads (e.g., script tags or alert()) in the appname or addressList parameters.
- Fingerprint vulnerable XXL-JOB 2.2.0 instances by checking the HTTP response body for the string 'XXL-JOB 2.2.0' on the /xxl-job-admin/ endpoint.
- Use the Shodan query http.html:"/xxl-job-admin/static/favicon.ico" or favicon hash 1691956220 to identify exposed XXL-JOB admin panels.
- Use the FOFA query app="xxl-job" or icon_hash=1691956220 to identify exposed XXL-JOB instances.
- The attack flow requires authentication first (POST /xxl-job-admin/login), then stores the XSS payload via POST /xxl-job-admin/jobgroup/save, and triggers it via POST /xxl-job-admin/jobgroup/pageList — monitor this sequence of requests as an attack chain indicator.
- Requests to the vulnerable endpoints include the header X-Requested-With: XMLHttpRequest; monitor for this combined with suspicious appname/addressList parameter values containing HTML/JS.
- Exploitation requires prior authentication to the XXL-JOB admin panel; the XSS is stored (not reflected), meaning the payload is injected via jobgroup/save and triggered when jobgroup/pageList is rendered.
- The vulnerability is confirmed only in XXL-JOB version 2.2.0; the detection template checks for 'XXL-JOB 2.2.0' in the response body to gate further exploitation steps.
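As an added example (not from any of the indexed sources), a small Python detector that applies the monitoring rules above to constructed request-log lines: it flags POST bodies to jobgroup/save whose appname or addressList value carries HTML/JS markers, and raises a second alert when the same client completes the login, save, pageList sequence. The log format, client addresses and sample values are assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import parse_qs

# Constructed sample request log (not from the page): "client method path body".
SAMPLE_LOG = [
    "10.0.0.5 POST /xxl-job-admin/login userName=admin&password=REDACTED",
    "10.0.0.5 POST /xxl-job-admin/jobgroup/save appname=%3Cscript%3Ealert(1)%3C%2Fscript%3E&title=x&addressList=",
    "10.0.0.5 POST /xxl-job-admin/jobgroup/pageList start=0&length=10",
    "10.0.0.9 POST /xxl-job-admin/jobgroup/save appname=billing-executor&title=billing&addressList=10.1.1.2:9999",
    "10.0.0.9 POST /xxl-job-admin/jobgroup/pageList start=0&length=10",
]

# Markers that have no business in an executor AppName or address list.
MARKUP = re.compile(r"<\s*/?[a-z]|javascript:|\bon[a-z]+\s*=|alert\s*\(", re.IGNORECASE)
WATCHED = ("appname", "addressList")
LOGIN = "/xxl-job-admin/login"
SAVE = "/xxl-job-admin/jobgroup/save"
PAGELIST = "/xxl-job-admin/jobgroup/pageList"


def suspicious_params(body):
    """Return the watched parameters whose URL-decoded value contains HTML/JS markers."""
    params = parse_qs(body, keep_blank_values=True)
    return [k for k in WATCHED if any(MARKUP.search(v) for v in params.get(k, []))]


def detect(lines):
    """Return alerts: one per suspicious jobgroup/save, plus one when a client
    that logged in and stored a suspicious payload then renders jobgroup/pageList."""
    alerts, stage = [], defaultdict(int)  # stage: 0 none, 1 logged in, 2 payload stored
    for line in lines:
        client, method, path, body = line.split(" ", 3)
        if method != "POST":
            continue
        if path == LOGIN:
            stage[client] = max(stage[client], 1)
        elif path == SAVE:
            bad = suspicious_params(body)
            if bad:
                alerts.append({"client": client, "type": "stored-xss-attempt", "params": bad})
                if stage[client] >= 1:
                    stage[client] = 2
        elif path == PAGELIST and stage[client] == 2:
            alerts.append({"client": client, "type": "attack-chain", "params": []})
            stage[client] = 0
    return alerts
```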
CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
| nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |
| vulncheck | — | 6.1 | MEDIUM | — |
OSV
xxl-job Multiple cross-site scripting (XSS) vulnerabilities
osv · 2022-05-24 · MEDIUM
GHSA
xxl-job Multiple cross-site scripting (XSS) vulnerabilities
ghsa · 2022-05-24 · MEDIUM
VulnCheck
xuxueli xxl-job Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
vulncheck · 2020 · CVSS 6.1 · MEDIUM
Affected: xuxueli xxl-job
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://1665891.fs1.hubspotusercontent-na1.net/hubfs/1665891/Threat%20reports/AquaSecurity_Kinsing_Demystified_Technical_Guide.pdf
No detection rules found.
Nuclei
XXL-JOB v2.2.0 — Stored Cross Site Scripting
nuclei · CVSS 6.1 · MEDIUM
Template:

```yaml
id: CVE-2020-23814

info:
  name: XXL-JOB v2.2.0 — Stored Cross Site Scripting
  author: Sourabh-Sahu
  severity: medium
  description: |
    Multiple cross-site scripting (XSS) vulnerabilities in xxl-job v2.2.0 allow remote attackers to inject arbitrary web script or HTML via (1) AppName and (2)AddressList parameter in JobGroupController.java file.
  impact: |
    Authenticated attackers can inject malicious JavaScript through the AppName and AddressList parameters, potentially stealing admin session cookies or performing administrative action
```
No writeups or analysis indexed.