CNNVD-202511-1398 Information

CNNVD ID

CNNVD-202511-1398

Related CVE

CVE-2025-60645

• CNNVD Published: 2025-11-12

Description (Chinese)

xxl-api是许雪里个人开发者的一个接口管理平台。 xxl-api v1.3.0版本存在安全漏洞，该漏洞源于管理模块存在跨站请求伪造，可能导致任意添加用户。

Description (English)

xxl-api is an interface management platform for individual developers in Sherry. There is a security loophole in version xxl-api v1.3.0, which stems from the existence of a cross-site request for forgery in the management module, which may result in the arbitrary addition of users.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

个人开发者

Published

2025-11-12

Last Modified

2026-02-24

References

https://gist.github.com/LockeTom/77fb982a49dee956101810bbefa09fb4 https://github.com/xuxueli/xxl-api/issues/64 https://access.redhat.com/security/cve/cve-2025-60645

Patch

https://github.com/xuxueli/xxl-api/releases