Xuxueli Xxl-api
2 CVEs affecting Xuxueli Xxl-api. Latest disclosed: 2025-11-12. Critical: 0, High: 0.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2025-60645 | Medium | 6.5 | 2025-11-12 | A Cross-Site Request Forgery (CSRF) in xxl-api v1.3.0 allows attackers to arbitrarily add users to the management module via a crafted GET request. |
CVE-2025-60646 | Medium | 6.1 | 2025-11-12 | A stored cross-site scripting (XSS) in the Business Line Management module of Xxl-api v1.3.0 attackers to execute arbitrary web scripts or HTML via injecting a… |