N0Th1N3

**Name of the Vulnerable Software and Affected Versions** xxl-job-admin version 2.4.0 **Description** The issue concerns insecure permissions in xxl-job-admin, specifically affecting the "/xxl-job-admin/joblog/clearLog" and "/xxl-job-admin/joblog/logDetailCat" API endpoints. **Recommendations** For xxl-job-admin version 2.4.0, consider restricting access to the "/xxl-job-admin/joblog/clearLog" and "/xxl-job-admin/joblog/logDetailCat" API endpoints to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** xxl-job-admin version 2.4.0 **Description** The issue is related to Cross Site Scripting (XSS) that can be exploited via the "/xxl-job-admin/joblog/logDetailPage" API endpoint. This allows for potential malicious script injection. **Recommendations** For xxl-job-admin version 2.4.0, as a temporary workaround, consider restricting access to the "/xxl-job-admin/joblog/logDetailPage" endpoint until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** xxl-job-admin version 2.4.0 **Description** The issue allows for Remote Code Execution (RCE) via the `/xxl-job-admin/jobcode/save` API endpoint. **Recommendations** For xxl-job-admin version 2.4.0, as a temporary workaround, consider restricting access to the `/xxl-job-admin/jobcode/save` API endpoint until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.