Simplejobscript
CVE-2019-25502
MEDIUM
Severity by source
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Lifecycle Timeline
3DescriptionCVE.org
Simple Job Script contains a cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the job_type_value parameter in the jobs endpoint. Attackers can craft requests with SVG payload injection to execute arbitrary JavaScript in victim browsers and steal session cookies or perform unauthorized actions.
AnalysisAI
Simple Job Script contains a cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the job_type_value parameter in the jobs endpoint. [CVSS 6.1 MEDIUM]
Technical ContextAI
Classified as CWE-79 (Cross-site Scripting (XSS)). Affects the jobs component of Simplejobscript. Simple Job Script contains a cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the job_type_value parameter in the jobs endpoint. Attackers can craft requests with SVG payload injection to execute arbitrary JavaScript in victim browsers and steal session cookies or perform unauthorized actions.
RemediationAI
Monitor vendor advisories for a patch. Implement output encoding and Content Security Policy headers. Restrict network access to the affected service where possible.
More in Simplejobscript
View allAn issue was discovered in Simplejobscript.com SJS through 1.66. Rated critical severity (CVSS 9.8), this vulnerability
controllers/page_apply.php in Simplejobscript.com SJS through 1.66 is prone to unauthenticated Remote Code Execution by
Simple Job Script contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database q
Simple Job Script contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database q
Simple Job Script contains an SQL injection vulnerability that allows attackers to manipulate database queries by inject
Simple Job Script contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database q
An issue was discovered in Simplejobscript.com SJS before 1.65. Rated critical severity (CVSS 9.8), this vulnerability i
Same weakness CWE-79 – Cross-site Scripting (XSS)
View allShare
External POC / Exploit Code
Leaving vuln.today