CNNVD-202511-1388 Information

CNNVD ID

CNNVD-202511-1388

Related CVE

CVE-2025-60646

• CNNVD Published: 2025-11-12

Description (Chinese)

xxl-api是许雪里个人开发者的一个接口管理平台。 xxl-api v1.3.0版本存在安全漏洞，该漏洞源于业务线管理模块存在存储型跨站脚本，可能导致执行任意Web脚本或HTML。

Description (English)

xxl-api is an interface management platform for individual developers in Sherry. Version xxl-api v1.3.0 has a security loophole, which stems from the existence of a storage cross-site script in the business line management module, which may result in the execution of any Web script or HTML.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

个人开发者

Published

2025-11-12

Last Modified

2026-02-24

References

https://gist.github.com/LockeTom/0a02c0b2e2011abfbdf4e5fdbcc9b371 https://github.com/xuxueli/xxl-api/issues/65 https://access.redhat.com/security/cve/cve-2025-60646

Patch

https://github.com/xuxueli/xxl-api/releases