Every CVE whose affected-product data names Xuxueli Xxl-api, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (2)
CVE-2025-60645 — CVSS 6.5 (medium): A Cross-Site Request Forgery (CSRF) in xxl-api v1.3.0 allows attackers to arbitrarily add users to the management module via a crafted GET…
CVE-2025-60646 — CVSS 6.1 (medium): A stored cross-site scripting (XSS) in the Business Line Management module of Xxl-api v1.3.0 attackers to execute arbitrary web scripts or…