CVE-2020-29204

MEDIUM WAF: High

CVSS 6.1 Published: 2020-12-27

CWE-79

XXL-JOB 2.2.0 allows Stored XSS (in Add User) to bypass the 20-character limit via xxl-job-admin/src/main/java/com/xxl/job/admin/controller/UserController.java.

WAF Coverage Analysis

Cross-Site Scripting (XSS) High WAF Coverage

OWASP: A03:2021 Injection

941xxx - XSS / XXE

Affected Software

Vendor	Product	Version
xuxueli	xxl-job	2.2.0

References

github.com (Exploit, Third Party Advisory)

Back to CVE Database