Xuxueli Xxl-api

2 CVEs affecting Xuxueli Xxl-api. Latest disclosed: 2025-11-12. Critical: 0, High: 0.

Top CVEs affecting Xuxueli Xxl-api
CVESeverityScorePublishedSummary
CVE-2025-60645Medium6.52025-11-12A Cross-Site Request Forgery (CSRF) in xxl-api v1.3.0 allows attackers to arbitrarily add users to the management module via a crafted GET request.
CVE-2025-60646Medium6.12025-11-12A stored cross-site scripting (XSS) in the Business Line Management module of Xxl-api v1.3.0 attackers to execute arbitrary web scripts or HTML via injecting a…