📦 Xxl Job

by Xuxueli


🛡️ Security Overview


⚠️ Known Vulnerabilities

CVE-2024-42681

HIGH CVSS 8.8 Aug 15, 2024

CVE-2024-42681 is an insecure permissions vulnerability in xxl-job v2.4.1 that allows remote attackers to execute arbitrary code via the Sub-Task ID component. This affects all deployments running the...

CVE-2024-24113

HIGH CVSS 8.8 Feb 8, 2024

This SSRF vulnerability in xxl-job allows low-privileged users to make the server execute arbitrary requests to internal systems, potentially leading to remote code execution. It affects all deploymen...

CVE-2023-48089

HIGH CVSS 8.8 Nov 15, 2023

xxl-job-admin 2.4.0 contains a remote code execution vulnerability in the /xxl-job-admin/jobcode/save endpoint. Attackers can execute arbitrary code on affected systems, potentially compromising the e...

CVE-2020-24922

HIGH CVSS 8.8 Aug 11, 2023

This CSRF vulnerability in xxl-job-admin allows attackers to create admin users via crafted HTML files, leading to privilege escalation and potential arbitrary code execution. It affects xxl-job versi...

CVE-2023-33779

HIGH CVSS 8.8 May 26, 2023

A lateral privilege escalation vulnerability in XXL-Job v2.4.1 allows authenticated users to execute arbitrary commands on other users' accounts via a crafted POST request to /jobinfo/. This enables a...

CVE-2023-27087

HIGH CVSS 7.5 Mar 21, 2023

A permissions vulnerability in Xuxueli xxl-job versions 2.2.0, 2.3.0, and 2.3.1 allows attackers to obtain sensitive information via the pageList parameter. This affects organizations using these vuln...

CVE-2025-9264

MEDIUM CVSS 5.4 Aug 21, 2025

This vulnerability in Xuxueli xxl-job allows remote attackers to manipulate job ID parameters to improperly control resource identifiers, potentially enabling unauthorized job deletion or manipulation...

CVE-2025-9263

MEDIUM CVSS 4.3 Aug 20, 2025

This vulnerability in Xuxueli xxl-job allows attackers to manipulate jobGroup parameters to improperly access resources. It affects xxl-job versions up to 3.1.1 and can be exploited remotely without a...

CVE-2025-7787

MEDIUM CVSS 6.3 Jul 18, 2025

This critical Server-Side Request Forgery (SSRF) vulnerability in Xuxueli xxl-job allows attackers to make unauthorized requests from the vulnerable server to internal or external systems. Attackers c...