CVE-2020-29204
MEDIUMXXL-JOB 2.2.0 - XSS
Title source: llmDescription
XXL-JOB 2.2.0 allows Stored XSS (in Add User) to bypass the 20-character limit via xxl-job-admin/src/main/java/com/xxl/job/admin/controller/UserController.java.
Exploits (1)
nomisec
WORKING POC
by shoucheng3 · poc
https://github.com/shoucheng3/xuxueli__xxl-job_CVE-2020-29204_2-2-0
Scores
CVSS v3
6.1
EPSS
0.0028
EPSS Percentile
51.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-79
Status
published
Products (2)
com.xuxueli/xxl-job-core
0 - 2.3.0Maven
xuxueli/xxl-job
2.2.0
Published
Dec 27, 2020
Tracked Since
Feb 18, 2026