CVE-2023-0674— XXL-JOB New Password updatePwd cross-site request forgery
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2023-0674
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
XXL-JOB New Password updatePwd cross-site request forgery
Source: NVD (National Vulnerability Database)
Vulnerability Description
A vulnerability, which was classified as problematic, has been found in XXL-JOB 2.3.1. Affected by this issue is some unknown functionality of the file /user/updatePwd of the component New Password Handler. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-220196.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
跨站请求伪造(CSRF)
Source: NVD (National Vulnerability Database)
Vulnerability Title
XXL-JOB 跨站请求伪造漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
XXL-JOB是许雪里(XXL-JOB)社区的一款基于java语言的分布式任务调度平台。 XXL-JOB 2.3.1版本存在跨站请求伪造漏洞,该漏洞源于组件New Password Handler的文件/user/updatePwd 存在一些未知功能,导致跨站请求伪造漏洞。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| - | XXL-JOB | 2.3.1 | - |
II. Public POCs for CVE-2023-0674
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2023-0674
请登录查看更多情报信息。
Same Patch Batch · n/a · 2023-02-04 · 4 CVEs total
| CVE-2023-0675 | 6.3 MEDIUM | Calendar Event Management System sql injection |
| CVE-2018-25080 | 3.5 LOW | MobileDetect Example session_example.php initLayoutType cross site scripting |
| CVE-2023-25193 | HarfBuzz 安全漏洞 |
IV. Related Vulnerabilities
Same product: XXL-JOB
- CVE-2026-7306
Xuxueli xxl-job OpenAPI Endpoint OpenApiController.java hard - CVE-2026-7305
Xuxueli xxl-job trigger Endpoint XxlJobServiceImpl.java trig - CVE-2026-7303
Xuxueli xxl-job Execution Log JobLogController.java logDetai - CVE-2026-3733
xuxueli xxl-job JobInfoController.java server-side request f - CVE-2025-9264
Xuxueli xxl-job Jobs JobInfoController.java remove resource
Same vendor: n/a
- CVE-2026-8276
bettercap MySQL Server mysql_server.go integer coercion - CVE-2026-8275
bettercap zerogod IPP Service zerogod_ipp_primitives.go ippR - CVE-2026-8270
Open5GS SMF ogs_nas_parse_qos_rules denial of service - CVE-2026-8269
Open5GS SMF smf_nsmf_handle_create_sm_context denial of serv - CVE-2026-8268
Open5GS SMF OpenAPI_list_create denial of service
Same weakness: CWE-352
- CVE-2021-47953
OpenCart 3.0.3.7 Cross-Site Request Forgery via account/pass - CVE-2021-47946
OpenCart 3.0.36 Account Takeover via Cross Site Request Forg - CVE-2022-50955
WordPress Plugin Curtain 1.0.2 Cross-site Request Forgery - CVE-2026-8194
osTicket Dispatcher class.dispatcher.php cross-site request - CVE-2026-42286
Emlog: Cross-Site Request Forgery in Admin Functions
V. Comments for CVE-2023-0674
No comments yet