Total
2 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-60645 | 1 Xuxueli | 1 Xxl-api | 2025-12-03 | N/A | 6.5 MEDIUM |
| A Cross-Site Request Forgery (CSRF) in xxl-api v1.3.0 allows attackers to arbitrarily add users to the management module via a crafted GET request. | |||||
| CVE-2025-60646 | 1 Xuxueli | 1 Xxl-api | 2025-12-03 | N/A | 6.1 MEDIUM |
| A stored cross-site scripting (XSS) in the Business Line Management module of Xxl-api v1.3.0 attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name parameter. | |||||