CVE-2025-60646 | THREATINT

Description

A stored cross-site scripting (XSS) in the Business Line Management module of Xxl-api v1.3.0 attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name parameter.

PUBLISHED Reserved 2025-09-26 | Published 2025-11-12 | Updated 2025-11-12 | Assigner mitre

References

github.com/xuxueli/xxl-api/issues/65

gist.github.com/LockeTom/0a02c0b2e2011abfbdf4e5fdbcc9b371

cve.org (CVE-2025-60646)

nvd.nist.gov (CVE-2025-60646)

Download JSON