Skip to main content

Simplejobscript CVE-2019-25502

MEDIUM
Cross-site Scripting (XSS) (CWE-79)
2026-03-04 disclosure@vulncheck.com
XSS Simplejobscript
6.1
CVSS 3.1
Share

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

3
Analysis Generated
Mar 12, 2026 - 22:05 vuln.today
PoC Detected
Mar 05, 2026 - 22:16 vuln.today
Public exploit code
CVE Published
Mar 04, 2026 - 18:16 nvd
MEDIUM 6.1

DescriptionNVD

Simple Job Script contains a cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the job_type_value parameter in the jobs endpoint. Attackers can craft requests with SVG payload injection to execute arbitrary JavaScript in victim browsers and steal session cookies or perform unauthorized actions.

AnalysisAI

Simple Job Script contains a cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the job_type_value parameter in the jobs endpoint. [CVSS 6.1 MEDIUM]

Technical ContextAI

Classified as CWE-79 (Cross-site Scripting (XSS)). Affects the jobs component of Simplejobscript. Simple Job Script contains a cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the job_type_value parameter in the jobs endpoint. Attackers can craft requests with SVG payload injection to execute arbitrary JavaScript in victim browsers and steal session cookies or perform unauthorized actions.

RemediationAI

Monitor vendor advisories for a patch. Implement output encoding and Content Security Policy headers. Restrict network access to the affected service where possible.

Share

CVE-2019-25502 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy