VYPR
Vendor

xxl-api

Products
1
CVEs
2
Across products
2
Status
Private

Products

1

Recent CVEs

2
  • CVE-2025-60645Nov 12, 2025
    risk 0.00cvss epss 0.00

    A Cross-Site Request Forgery (CSRF) in xxl-api v1.3.0 allows attackers to arbitrarily add users to the management module via a crafted GET request.

  • CVE-2025-60646Nov 12, 2025
    risk 0.00cvss epss 0.00

    A stored cross-site scripting (XSS) in the Business Line Management module of Xxl-api v1.3.0 attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name parameter.