Description
This affects all versions of the package com.xuxueli:xxl-job. HTML uploaded payload executed successfully through /xxl-job-admin/user/add and /xxl-job-admin/user/update.
Remediation
References
https://security.snyk.io/vuln/SNYK-JAVA-COMXUXUELI-3248764
Related Vulnerabilities
CVE-2023-30521 Vulnerability in maven package org.jenkins-ci.plugins:assembla-merge-request-builder
CVE-2021-37695 Vulnerability in maven package org.webjars.npm:ckeditor4
CVE-2020-8268 Vulnerability in npm package json8-merge-patch
CVE-2021-42697 Vulnerability in maven package com.typesafe.akka:akka-http-core
CVE-2023-26475 Vulnerability in maven package org.xwiki.platform:xwiki-platform-oldcore