CVE-2024-3366 – Xuxueli xxl-job Template JdkSerializeTool.java deserialize injection
https://notcve.org/view.php?id=CVE-2024-3366
06 Apr 2024 — A vulnerability classified as problematic was found in Xuxueli xxl-job up to and including 2.4.1. It affects the function deserialize in the file com/xxl/job/core/util/JdkSerializeTool.java of the component Template Handler, a JDK object-deserialization helper. Manipulation of the data passed to it leads to injection. The exploit has been disclosed publicly and may be used. The identifier of this vulnerability is VDB-259480. • https://github.com/xuxueli/xxl-job/issues/3391 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
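As an added illustration (this is not code from xxl-job or from the advisory above): the generic shape behind a bug in a `deserialize` helper is an `ObjectInputStream.readObject()` call on bytes the application did not produce itself, which instantiates whatever class the stream names. The standard mitigation on Java 9+ is a JEP 290 `ObjectInputFilter` allowlist attached to the stream. The `JobParam` and `Unexpected` types and the allowlist contents are assumptions made for the demo; the crafted input is a constructed stand-in, not a real gadget chain.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InvalidClassException;
import java.io.ObjectInputFilter;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.Serializable;

// Added example, not xxl-job code. JobParam/Unexpected and the allowlist are assumptions.
public class DeserializeFilterDemo {

    // A type the application legitimately expects to read back from the stream (assumed).
    static final class JobParam implements Serializable {
        private static final long serialVersionUID = 1L;
        final String handler;
        JobParam(String handler) { this.handler = handler; }
    }

    // A serializable type the application never expects here; it stands in for any class
    // an attacker would name in a crafted stream (constructed for the demo, not a gadget).
    static final class Unexpected implements Serializable {
        private static final long serialVersionUID = 1L;
    }

    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream oos = new ObjectOutputStream(bos)) {
            oos.writeObject(o);
        }
        return bos.toByteArray();
    }

    // The unsafe shape: readObject() instantiates whatever class the stream names.
    static Object deserializeUnrestricted(byte[] bytes) throws IOException, ClassNotFoundException {
        try (ObjectInputStream ois = new ObjectInputStream(new ByteArrayInputStream(bytes))) {
            return ois.readObject();
        }
    }

    // Hardened shape: a JEP 290 allowlist (Java 9+). Only the named classes are accepted,
    // "!*" rejects every other class, and the limits bound nesting depth, array size and bytes.
    static final ObjectInputFilter ALLOWLIST = ObjectInputFilter.Config.createFilter(
            "DeserializeFilterDemo$JobParam;java.lang.String;!*;maxdepth=8;maxarray=10000;maxbytes=65536");

    static Object deserializeFiltered(byte[] bytes) throws IOException, ClassNotFoundException {
        try (ObjectInputStream ois = new ObjectInputStream(new ByteArrayInputStream(bytes))) {
            ois.setObjectInputFilter(ALLOWLIST);   // checked before any class is instantiated
            return ois.readObject();
        }
    }

    public static void main(String[] args) throws Exception {
        byte[] expected = serialize(new JobParam("demoJobHandler"));
        byte[] crafted = serialize(new Unexpected());   // constructed stand-in for attacker input

        // Unrestricted: both streams are accepted, including the class the app never asked for.
        System.out.println("unrestricted: " + deserializeUnrestricted(expected).getClass().getName());
        System.out.println("unrestricted: " + deserializeUnrestricted(crafted).getClass().getName());

        // Filtered: the expected type is read; the unexpected one is refused with
        // InvalidClassException before its class is resolved into an object.
        System.out.println("filtered:     " + deserializeFiltered(expected).getClass().getName());
        try {
            deserializeFiltered(crafted);
        } catch (InvalidClassException e) {
            System.out.println("filtered:     rejected (" + e.getMessage() + ")");
        }
    }
}
```

Compile and run with `javac DeserializeFilterDemo.java && java DeserializeFilterDemo` on Java 9 or later. When the deserializing code sits in a library you cannot patch, the same allowlist syntax can be applied process-wide through the `jdk.serialFilter` system property (or `ObjectInputFilter.Config.setSerialFilter`) instead of per stream; an allowlist that ends in `!*` is the check to look for in review, since a filter that only blocks known-bad classes is bypassed by the next gadget.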
CVE-2024-24113
https://notcve.org/view.php?id=CVE-2024-24113
08 Feb 2024 — xxl-job <= 2.4.1 has a Server-Side Request Forgery (SSRF) vulnerability that allows low-privileged users to control the executor and achieve remote code execution (RCE). • https://github.com/xuxueli/xxl-job/issues/3375 • CWE-918: Server-Side Request Forgery (SSRF) •
CVE-2023-48088
https://notcve.org/view.php?id=CVE-2023-48088
15 Nov 2023 — xxl-job-admin 2.4.0 is vulnerable to Cross-Site Scripting (XSS) via /xxl-job-admin/joblog/logDetailPage. • https://github.com/xuxueli/xxl-job/issues/3329 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2023-48087
https://notcve.org/view.php?id=CVE-2023-48087
15 Nov 2023 — xxl-job-admin 2.4.0 is vulnerable to insecure permissions (insufficient access control) on /xxl-job-admin/joblog/clearLog and /xxl-job-admin/joblog/logDetailCat. • https://github.com/xuxueli/xxl-job/issues/3330 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVE-2023-48089
https://notcve.org/view.php?id=CVE-2023-48089
15 Nov 2023 — xxl-job-admin 2.4.0 is vulnerable to Remote Code Execution (RCE) via /xxl-job-admin/jobcode/save. • https://github.com/xuxueli/xxl-job/issues/3333 •