PT-2020-17110 · Xxl-Job · Xxl-Job

Steward007 · Published 2020-12-27 · Updated 2021-10-12 · CVE-2020-29204

CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: XXL-JOB version 2.2.0

Description: The Add User feature of xxl-job-admin allows stored XSS; the 20-character limit can be bypassed. The affected code is in xxl-job-admin/src/main/java/com/xxl/job/admin/controller/UserController.java.

Recommendations: For XXL-JOB version 2.2.0, consider temporarily disabling the UserController.java functionality until a patch is available, to prevent exploitation of the stored XSS vulnerability. Restrict access to the Add User feature to minimize the risk of exploitation.

Exploit

Fix

XSS


Weakness Enumeration

Related Identifiers

CVE-2020-29204
GHSA-WC73-W5R9-X9PC

Affected Products

Xxl-Job