[MAVEN:GHSA-PV4M-H859-JWMQ] Cross-Site Request Forgery in XXL Job
Severity
Moderate
Affected Packages
1
CVEs
1
A vulnerability, which was classified as problematic, has been found in XXL-JOB 2.3.1. Affected by this issue is some unknown functionality of the file /user/updatePwd of the component New Password Handler. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-220196.
Package | Affected Version |
---|---|
pkg:maven/com.xuxueli/xxl-job | <= 2.3.1 |
- ID
- MAVEN:GHSA-PV4M-H859-JWMQ
- Severity
- moderate
- URL
- https://github.com/advisories/GHSA-pv4m-h859-jwmq
- Published
-
2023-02-04T09:30:20
(19 months ago) - Modified
-
2023-02-14T21:22:07
(19 months ago) - Rights
- Maven Security Team
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:maven/com.xuxueli/xxl-job | com.xuxueli | xxl-job | <= 2.3.1 |
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |