CVSS3
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS
Percentile: 56.6%
com.xuxueli:xxl-job is vulnerable to Cross-Site Request Forgery (CSRF). The vulnerability exists in xxl-job-admin/user/add, where insufficient checks allow an attacker to use a crafted .html file to carry out CSRF attacks, resulting in arbitrary code execution and privilege escalation.