CVE-2019-25502

Name of the Vulnerable Software and Affected Versions Simple Job Script (affected versions not specified)

Description The software contains a cross-site scripting issue that allows unauthenticated attackers to inject malicious scripts. This is achieved by manipulating the job type value parameter in the ''/jobs'' API endpoint. Attackers can use SVG payload injection to execute arbitrary JavaScript in victim browsers, potentially leading to session cookie theft or unauthorized actions.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.