CVE-2023-26120

Name of the Vulnerable Software and Affected Versions com.xuxueli:xxl-job versions 2.4.0 and earlier

Description The issue allows an HTML uploaded payload to be executed successfully through the API endpoints "/xxl-job-admin/user/add" and "/xxl-job-admin/user/update". This can lead to cross-site scripting (XSS) attacks.

Recommendations For versions 2.4.0 and earlier, as a temporary workaround, consider restricting access to the /xxl-job-admin/user/add and /xxl-job-admin/user/update API endpoints until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.