Description
A Cross-Site Request Forgery (CSRF) vulnerability in xxl-job-admin/user/add in xuxueli xxl-job version 2.2.0 allows remote attackers to execute arbitrary code and escalate privileges via a crafted .html file.
Remediation
References
https://github.com/xuxueli/xxl-job/issues/1921
Related Vulnerabilities
CVE-2022-0225 Vulnerability in maven package org.keycloak:keycloak-core
CVE-2011-3190 Vulnerability in maven package tomcat:tomcat-coyote
CVE-2023-40573 Vulnerability in maven package org.xwiki.platform:xwiki-platform-scheduler-api
CVE-2020-35202 Vulnerability in maven package org.igniterealtime.openfire.plugins:dbaccess
CVE-2023-46998 Vulnerability in maven package org.webjars.npm:bootbox