Devi1Syd

**Name of the Vulnerable Software and Affected Versions** xuxueli xxl-job version 2.2.0 **Description** The issue is a Cross Site Request Forgery (CSRF) vulnerability in the `xxl-job-admin/user/add` endpoint, which allows remote attackers to execute arbitrary code and escalate privileges via a crafted .html file. This vulnerability enables attackers to perform unauthorized actions on the affected system. **Recommendations** For version 2.2.0, consider disabling access to the `xxl-job-admin/user/add` endpoint until a patch is available. As a temporary workaround, restrict the use of this endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.