Description
Cross Site Request Forgery (CSRF) vulnerability in xxl-job-admin/user/add in xuxueli xxl-job version 2.2.0, allows remote attackers to execute arbitrary code and esclate privileges via crafted .html file.
Remediation
References
https://github.com/xuxueli/xxl-job/issues/1921
Related Vulnerabilities
CVE-2022-0341 Vulnerability in npm package vditor
CVE-2023-30517 Vulnerability in maven package io.jenkins.plugins:neuvector-vulnerability-scanner
CVE-2022-36083 Vulnerability in npm package jose
CVE-2023-34092 Vulnerability in npm package vite
CVE-2023-27094 Vulnerability in maven package cn.hippo4j:hippo4j-all