| Title | Cross-site request forgery exists at XXL-JOB password modification |
|---|---|
| Description | XXL-JOB is a lightweight distributed task scheduling platform. Its core design goals are rapid development, simple learning, lightweight and easy to expand. Now the source code has been opened and connected to the online product lines of many companies. It is ready to use out of the box. There is a cross-site request forgery vulnerability in XXL-JOB 2.3.1. This vulnerability originates from the user's password modification, which does not verify the original password and human-machine. An attacker can use this vulnerability to construct malicious web pages and induce users to click to achieve the purpose of modifying user passwords. Details: https://github.com/boyi0508/xxl-job-explain/blob/main/README.md |
| Source | ⚠️ https://github.com/xuxueli/xxl-job |
| User | boyi (UID 40109) |
| Submission | 04/02/2023 03:33 (3 years ago) |
| Moderation | 04/02/2023 08:34 (5 hours later) |
| Status | Accepted |
| VulDB Entry | 220196 [XXL-JOB 2.3.1 New Password /user/updatePwd cross-site request forgery] |
| Points | 20 |