CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2014-5391

Cross-site scripting (XSS) vulnerability in the JobScheduler Operations Center (JOC) in SOS JobScheduler before 1.6.4246 and 1.7.x before 1.7.4241 allows remote attackers to inject arbitrary web script or HTML via the hash property (location.hash).

Exploit prediction scoring system (EPSS) score

EPSS Score 0.005

EPSS Ranking 63.5%

CVSS Severity

CVSS v2 Score 4.3

References

http://packetstormsecurity.com/files/128180/JobScheduler-Cross-Site-Scripting.html
http://www.christian-schneider.net/advisories/CVE-2014-5391.txt
http://www.securityfocus.com/archive/1/533372/100/0/threaded
http://www.securityfocus.com/bid/69660
http://www.sos-berlin.com/modules/news/article.php?storyid=73
http://www.sos-berlin.com/modules/news/article.php?storyid=74
https://change.sos-berlin.com/browse/JS-1203
https://exchange.xforce.ibmcloud.com/vulnerabilities/95797
http://packetstormsecurity.com/files/128180/JobScheduler-Cross-Site-Scripting.html
http://www.christian-schneider.net/advisories/CVE-2014-5391.txt
http://www.securityfocus.com/archive/1/533372/100/0/threaded
http://www.securityfocus.com/bid/69660
http://www.sos-berlin.com/modules/news/article.php?storyid=73
http://www.sos-berlin.com/modules/news/article.php?storyid=74
https://change.sos-berlin.com/browse/JS-1203
https://exchange.xforce.ibmcloud.com/vulnerabilities/95797

Products affected by CVE-2014-5391

Sos » Jobscheduler » Version: Any

cpe:2.3:a:sos:jobscheduler:*
Sos » Jobscheduler » Version: 1.6.4014

cpe:2.3:a:sos:jobscheduler:1.6.4014
Sos » Jobscheduler » Version: 1.6.4043

cpe:2.3:a:sos:jobscheduler:1.6.4043
Sos » Jobscheduler » Version: 1.7.4177

cpe:2.3:a:sos:jobscheduler:1.7.4177
Sos » Jobscheduler » Version: 1.7.4189

cpe:2.3:a:sos:jobscheduler:1.7.4189

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2014-5391

Products

Pricing

Contact Us