XXL-JOB · CVE-2020-29204
**Name of the Vulnerable Software and Affected Versions**
XXL-JOB version 2.2.0
**Description**
XXL-JOB 2.2.0 allows stored XSS in the Add User feature of xxl-job-admin, bypassing the 20-character limit. The affected code is in `xxl-job-admin/src/main/java/com/xxl/job/admin/controller/UserController.java`.
**Recommendations**
For XXL-JOB version 2.2.0, consider temporarily disabling the functionality provided by `UserController.java` until a patch is available, to prevent exploitation of the stored XSS vulnerability. Restrict access to the Add User feature to minimize the risk of exploitation.
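
The following is an added example, not XXL-JOB's code or its patch. It shows the two server-side controls that address a stored XSS of this kind: enforcing the 20-character limit from the description in the request handler rather than trusting the client, and HTML-encoding stored usernames when they are rendered. The class name, method names, character allowlist and sample inputs are assumptions.

```java
import java.util.regex.Pattern;

// Added illustration; class and method names are hypothetical, not XXL-JOB code.
public class UsernameGuard {
    // 20 is the limit named in the advisory; the character allowlist is an assumption.
    private static final int MAX_LEN = 20;
    private static final Pattern ALLOWED = Pattern.compile("^[A-Za-z0-9_.-]+$");

    /** Server-side check: returns null when valid, otherwise a rejection reason. */
    static String validate(String raw) {
        if (raw == null) return "username missing";
        String name = raw.trim();
        if (name.isEmpty()) return "username empty";
        // Length is checked on the server, so a crafted request cannot skip it.
        if (name.codePointCount(0, name.length()) > MAX_LEN) return "username longer than " + MAX_LEN;
        if (!ALLOWED.matcher(name).matches()) return "username has disallowed characters";
        return null;
    }

    /** HTML-encode a stored value before writing it into element content or a quoted attribute. */
    static String escapeHtml(String s) {
        StringBuilder out = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '&': out.append("&amp;"); break;
                case '<': out.append("&lt;"); break;
                case '>': out.append("&gt;"); break;
                case '"': out.append("&quot;"); break;
                case '\'': out.append("&#39;"); break;
                default: out.append(c);
            }
        }
        return out.toString();
    }

    public static void main(String[] args) {
        // Constructed sample inputs: a valid name, harmless markup, an over-long value, padded input.
        String[] samples = { "ops_admin", "<i>short</i>", "a".repeat(21), "  alice  " };
        for (String s : samples) {
            String reason = validate(s);
            // The value is encoded before being echoed, as it would be in a rendered user list.
            System.out.println(escapeHtml(s) + " -> " + (reason == null ? "accepted" : "rejected: " + reason));
        }
    }
}
```

Output encoding is the control that neutralizes markup already stored in the user table; the input check only stops new entries.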