A Cross-Site Request Forgery (CSRF) in XXL-Job v2.3.0 allows malicious users to arbitrarily create administrator accounts via the component /gaia-job-admin/user/add.
xuxueli xxl-job 2.3.0