Skip to main content

Xxl Job CVE-2023-48088

MEDIUM
Cross-site Scripting (XSS) (CWE-79)
2023-11-15 cve@mitre.org
5.4
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.4 MEDIUM
AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

1
CVE Published
Nov 15, 2023 - 15:15 nvd
MEDIUM 5.4

DescriptionNVD

xxl-job-admin 2.4.0 is vulnerable to Cross Site Scripting (XSS) via /xxl-job-admin/joblog/logDetailPage.

AnalysisAI

xxl-job-admin 2.4.0 is vulnerable to Cross Site Scripting (XSS) via /xxl-job-admin/joblog/logDetailPage. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified as Cross-Site Scripting (XSS) (CWE-79), which allows attackers to inject malicious scripts into web pages viewed by other users. xxl-job-admin 2.4.0 is vulnerable to Cross Site Scripting (XSS) via /xxl-job-admin/joblog/logDetailPage. Affected products include: Xuxueli Xxl-Job.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Sanitize all user input, use Content-Security-Policy headers, encode output contextually (HTML, JS, URL). Use frameworks with built-in XSS protection.

CVE-2024-3366 CRITICAL POC
9.8 Apr 06

A vulnerability classified as problematic was found in Xuxueli xxl-job up to 2.4.1. Rated critical severity (CVSS 9.8),

CVE-2022-40929 CRITICAL POC
9.8 Sep 28

XXL-JOB 2.2.0 has a Command execution vulnerability in background tasks. Rated critical severity (CVSS 9.8), this vulner

CVE-2023-33779 HIGH POC
8.8 May 26

A lateral privilege escalation vulnerability in XXL-Job v2.4.1 allows users to execute arbitrary commands on another use

CVE-2024-42681 HIGH POC
8.8 Aug 15

Insecure Permissions vulnerability in xxl-job v.2.4.1 allows a remote attacker to execute arbitrary code via the Sub-Tas

CVE-2024-24113 HIGH POC
8.8 Feb 08

xxl-job =< 2.4.1 has a Server-Side Request Forgery (SSRF) vulnerability, which causes low-privileged users to control ex

CVE-2023-48089 HIGH POC
8.8 Nov 15

xxl-job-admin 2.4.0 is vulnerable to Remote Code Execution (RCE) via /xxl-job-admin/jobcode/save. Rated high severity (C

CVE-2022-43183 HIGH POC
8.8 Nov 17

XXL-Job before v2.3.1 contains a Server-Side Request Forgery (SSRF) via the component /admin/controller/JobLogController

CVE-2022-29002 HIGH POC
8.8 May 23

A Cross-Site Request Forgery (CSRF) in XXL-Job v2.3.0 allows attackers to arbitrarily create administrator accounts via

CVE-2023-27087 HIGH POC
7.5 Mar 21

Permissions vulnerabiltiy found in Xuxueli xxl-job v2.2.0, v 2.3.0 and v.2.3.1 allows attacker to obtain sensitive infor

CVE-2023-0674 MEDIUM POC
6.5 Feb 04

A vulnerability, which was classified as problematic, has been found in XXL-JOB 2.3.1. Rated medium severity (CVSS 6.5),

CVE-2023-26120 MEDIUM POC
6.1 Apr 10

This affects all versions of the package com.xuxueli:xxl-job. Rated medium severity (CVSS 6.1), this vulnerability is re

CVE-2020-29204 MEDIUM POC
6.1 Dec 27

XXL-JOB 2.2.0 allows Stored XSS (in Add User) to bypass the 20-character limit via xxl-job-admin/src/main/java/com/xxl/j

Share

CVE-2023-48088 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy