Vulnerability Details CVE-2019-25502
Simple Job Script contains a cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the job_type_value parameter in the jobs endpoint. Attackers can craft requests with SVG payload injection to execute arbitrary JavaScript in victim browsers and steal session cookies or perform unauthorized actions.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 22.7%
CVSS Severity
CVSS v3 Score 6.1
References
Products affected by CVE-2019-25502
-
cpe:2.3:a:simplejobscript:simplejobscript:1.65
-
cpe:2.3:a:simplejobscript:simplejobscript:1.66