CVE-2020-24922
Published 2023-08-11
CVE-2020-24922: Cross Site Request Forgery (CSRF) vulnerability in xxl-job-admin/user/add in xuxueli xxl-job version 2.2.0, allows remote attackers to execute arbitrary code…
Priority: P3 40 · high · 8.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS: 0.44% (35.5th percentile)
Cross Site Request Forgery (CSRF) vulnerability in `xxl-job-admin/user/add` in xuxueli xxl-job version 2.2.0 allows remote attackers to execute arbitrary code and escalate privileges via a crafted .html file.
Affected
1 range
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| xuxueli | xxl-job | — | — |
OSV
xuxueli xxl-job Cross-Site Request Forgery Vulnerability
osv·2023-08-11
CVE-2020-24922 [HIGH] xuxueli xxl-job Cross-Site Request Forgery Vulnerability
Cross Site Request Forgery (CSRF) vulnerability in `xxl-job-admin/user/add` in xuxueli xxl-job version 2.2.0 allows remote attackers to execute arbitrary code and escalate privileges via a crafted .html file.
GHSA
xuxueli xxl-job Cross-Site Request Forgery Vulnerability
ghsa·2023-08-11
CVE-2020-24922 [HIGH] CWE-352 xuxueli xxl-job Cross-Site Request Forgery Vulnerability
Cross Site Request Forgery (CSRF) vulnerability in `xxl-job-admin/user/add` in xuxueli xxl-job version 2.2.0 allows remote attackers to execute arbitrary code and escalate privileges via a crafted .html file.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2023-08-11
Published