Vulnerabilities (CVE)

  1. Yack CVE
  2. Vulnerabilities (CVE)
Filtered by vendor Xuxueli
Filtered by product Xxl-api
Angry Yack Logo
Total 2 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2025-60645 1 Xuxueli 1 Xxl-api 2025-12-03 N/A 6.5 MEDIUM
A Cross-Site Request Forgery (CSRF) in xxl-api v1.3.0 allows attackers to arbitrarily add users to the management module via a crafted GET request.
CVE-2025-60646 1 Xuxueli 1 Xxl-api 2025-12-03 N/A 6.1 MEDIUM
A stored cross-site scripting (XSS) in the Business Line Management module of Xxl-api v1.3.0 attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name parameter.