CVE-2025-60645

Medium CVSS: 6.5

A Cross-Site Request Forgery (CSRF) in xxl-api v1.3.0 allows attackers to arbitrarily add users to the management module via a crafted GET request.

Vendor

Product

CWE

Yayın Tarihi

2025-11-12 18:15:35

Güncelleme

2025-12-03 21:33:51

Source Identifier

cve@mitre.org

KEV Date Added

CWE-352 Xxl-api MEDIUM Xuxueli 2025

https://gist.github.com/LockeTom/77fb982a49dee956101810bbefa09fb4 https://github.com/xuxueli/xxl-api/issues/64

Medium

CVE-2025-60646

A stored cross-site scripting (XSS) in the Business Line Management module of Xxl-api v1.3.0 attackers to execute arbitr…

Medium

CVE-2025-9264

A vulnerability was found in Xuxueli xxl-job up to 3.1.1. Affected by this issue is the function remove of the file /src…

Medium

CVE-2025-9263

A vulnerability has been found in Xuxueli xxl-job up to 3.1.1. Affected by this vulnerability is the function getJobsByG…

Medium

CVE-2025-7789

A vulnerability was found in Xuxueli xxl-job up to 3.1.1 and classified as problematic. Affected by this issue is the fu…

Medium

CVE-2025-7787

A vulnerability, which was classified as critical, was found in Xuxueli xxl-job up to 3.1.1. Affected is the function ht…

Medium

CVE-2025-7788

A vulnerability has been found in Xuxueli xxl-job up to 3.1.1 and classified as critical. Affected by this vulnerability…