Unrated severityNVD Advisory· Published Sep 23, 2014· Updated May 6, 2026

CVE-2014-5392

Description

XML External Entity (XXE) vulnerability in JobScheduler before 1.6.4246 and 7.x before 1.7.4241 allows remote attackers to cause a denial of service and read arbitrary files or directories via a request containing an XML external entity declaration in conjunction with an entity reference.

Affected products

Sos/Jobscheduler5 versions
cpe:2.3:a:sos:jobscheduler:1.7.4189:*:*:*:*:*:*:*+ 4 more
- cpe:2.3:a:sos:jobscheduler:1.7.4189:*:*:*:*:*:*:*
- cpe:2.3:a:sos:jobscheduler:*:*:*:*:*:*:*:*range: <=1.6.4131
- cpe:2.3:a:sos:jobscheduler:1.6.4014:*:*:*:*:*:*:*
- cpe:2.3:a:sos:jobscheduler:1.6.4043:*:*:*:*:*:*:*
- cpe:2.3:a:sos:jobscheduler:1.7.4177:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

packetstormsecurity.com/files/128181/JobScheduler-XML-eXternal-Entity-Injection.htmlnvdPatch
www.christian-schneider.net/advisories/CVE-2014-5392.txtnvdPatch
www.sos-berlin.com/modules/news/article.phpnvdPatch
www.securityfocus.com/archive/1/533374/100/0/threadednvd
change.sos-berlin.com/browse/JS-1204nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000