Unknown · JOC Cockpit · CVE-2023-37272
**Name of the Vulnerable Software and Affected Versions**
JobScheduler (JS1) versions 1.13.0 through 1.13.18
**Description**
The issue allows a cross-site scripting (XSS) attack through specially crafted file names when uploading files for user-generated documentation in JOC Cockpit. A crafted file name can inject code that is executed by the browser. The risk of this issue is considered high.
**Recommendations**
For JobScheduler (JS1) versions 1.13.0 through 1.13.18, update to version 1.13.19 to resolve the issue.