xuxueli/xxl-api

Releases9

Frequency1 year 3 weeks

Last Release 8 months ago

Stars954

A api management platform.（API管理平台XXL-API）

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2025-60646 ↗	Nov 12, 2025Wednesday, 12 November 2025, 19:15	6.1 MEDIUM	—
A stored cross-site scripting (XSS) in the Business Line Management module of Xxl-api v1.3.0 attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name parameter.
CVE-2025-60645 ↗	Nov 12, 2025Wednesday, 12 November 2025, 18:15	6.5 MEDIUM	—
A Cross-Site Request Forgery (CSRF) in xxl-api v1.3.0 allows attackers to arbitrarily add users to the management module via a crafted GET request.