Xuxueli Xxl-Job vulnerabilities
27 known vulnerabilities affecting xuxueli/xxl-job.
Total CVEs: 27
CISA KEV: 0
Public exploits: 1
Exploited in wild: 1
Severity breakdown: CRITICAL 2, HIGH 12, MEDIUM 11, LOW 2
Vulnerabilities
Page 2 of 2
CVE-2020-29204 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | v2.2.0 | 2020-12-27
XXL-JOB 2.2.0 allows Stored XSS (in Add User) to bypass the 20-character limit via xxl-job-admin/src/main/java/com/xxl/job/admin/controller/UserController.java.
nvd
CVE-2025-9263 | P4 | MEDIUM | CVSS 4.3 | CWE-99 | ≤ 3.1.1, v3.1.0, +1 more | 2025-08-20
A vulnerability has been found in Xuxueli xxl-job up to 3.1.1. Affected by this vulnerability is the function getJobsByGroup of the file /src/main/java/com/xxl/job/admin/controller/JobLogController.java. Such manipulation of the argument jobGroup leads to improper control of resource identifiers. The attack may be launched remotely. The exploit has bee
nvd
CVE-2023-48087 | P4 | MEDIUM | CVSS 5.4 | CWE-732 | v2.4.0 | 2023-11-15
xxl-job-admin 2.4.0 is vulnerable to Insecure Permissions via /xxl-job-admin/joblog/clearLog and /xxl-job-admin/joblog/logDetailCat.
nvd
CVE-2022-29770 | P4 | MEDIUM | CVSS 5.4 | CWE-79 | v2.3.0 | 2022-06-03
XXL-Job v2.3.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via /xxl-job-admin/jobinfo.
nvd
CVE-2023-48088 | P4 | MEDIUM | CVSS 5.4 | CWE-79 | v2.4.0 | 2023-11-15
xxl-job-admin 2.4.0 is vulnerable to Cross Site Scripting (XSS) via /xxl-job-admin/joblog/logDetailPage.
nvd
CVE-2026-7303 | P4 | LOW | CVSS 3.7 | CWE-99 | v3.3.0, v3.3.1, +1 more | 2026-04-28
A security flaw has been discovered in Xuxueli xxl-job up to 3.3.2. Impacted is the function logDetailCat of the file xxl-job-admin/src/main/java/com/xxl/job/admin/controller/biz/JobLogController.java of the component Execution Log Handler. The manipulation of the argument logId results in improper control of resource identifiers. The attack may be perfor
nvd
CVE-2025-7789 | P4 | LOW | CVSS 3.7 | CWE-326 | ≤ 3.1.1, v3.1.0, +1 more | 2025-07-18
A vulnerability was found in Xuxueli xxl-job up to 3.1.1 and classified as problematic. Affected by this issue is the function makeToken of the file src/main/java/com/xxl/job/admin/controller/IndexController.java of the component Token Generation. The manipulation leads to password hash with insufficient computational effort. The attack may be launched re
nvd