CVE-2025-60646

Published November 12th, 2025

View on NVD ↗

CVSS v3

6.1

MEDIUM

CVSS v2

N/A

Affected

PROJECT

Description

A stored cross-site scripting (XSS) in the Business Line Management module of Xxl-api v1.3.0 attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name parameter.

xuxueli/xxl-api

A api management platform.（API管理平台XXL-API）

GitHub

954