Cross-site Scripting in XXL-JOB
Moderate severity
GitHub Reviewed
Published
Oct 12, 2021
to the GitHub Advisory Database
•
Updated Feb 1, 2023
Description
Published by the National Vulnerability Database
Dec 27, 2020
Reviewed
Oct 8, 2021
Published to the GitHub Advisory Database
Oct 12, 2021
Last updated
Feb 1, 2023
XXL-JOB 2.2.0 allows Stored XSS (in Add User) to bypass the 20-character limit via xxl-job-admin/src/main/java/com/xxl/job/admin/controller/UserController.java.
References