CVE-2025-60646

Medium CVSS: 6.1

A stored cross-site scripting (XSS) in the Business Line Management module of Xxl-api v1.3.0 attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name parameter.

Vendor

Xuxueli

Product

Xxl-api

CWE

CWE-79

Yayın Tarihi

2025-11-12 19:15:37

Güncelleme

2025-12-03 21:30:51

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-79 Xxl-api MEDIUM Xuxueli 2025

Referanslar

https://gist.github.com/LockeTom/0a02c0b2e2011abfbdf4e5fdbcc9b371 https://github.com/xuxueli/xxl-api/issues/65

Benzer Kayıtlar

Medium

CVE-2025-60645

A Cross-Site Request Forgery (CSRF) in xxl-api v1.3.0 allows attackers to arbitrarily add users to the management module…

Medium

CVE-2025-9264

A vulnerability was found in Xuxueli xxl-job up to 3.1.1. Affected by this issue is the function remove of the file /src…

Medium

CVE-2025-9263

A vulnerability has been found in Xuxueli xxl-job up to 3.1.1. Affected by this vulnerability is the function getJobsByG…

Medium

CVE-2025-7789

A vulnerability was found in Xuxueli xxl-job up to 3.1.1 and classified as problematic. Affected by this issue is the fu…

Medium

CVE-2025-7787

A vulnerability, which was classified as critical, was found in Xuxueli xxl-job up to 3.1.1. Affected is the function ht…

Medium

CVE-2025-7788

A vulnerability has been found in Xuxueli xxl-job up to 3.1.1 and classified as critical. Affected by this vulnerability…