Home

Description

Simple Job Script contains a cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the job_type_value parameter in the jobs endpoint. Attackers can craft requests with SVG payload injection to execute arbitrary JavaScript in victim browsers and steal session cookies or perform unauthorized actions.

PUBLISHED Reserved 2026-03-04 | Published 2026-03-04 | Updated 2026-03-05 | Assigner VulnCheck




MEDIUM: 5.1CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
MEDIUM: 6.1CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Problem types

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Product status

1.66
affected

Credits

Ahmet Ümit BAYRAM finder

References

www.exploit-db.com/exploits/46612 (ExploitDB-46612) exploit

www.vulncheck.com/...-scripting-via-job-type-value-parameter (VulnCheck Advisory: Simple Job Script Cross-Site Scripting via job_type_value Parameter) third-party-advisory

cve.org (CVE-2019-25502)

nvd.nist.gov (CVE-2019-25502)

Download JSON