Unrated severityNVD Advisory· Published Mar 4, 2026· Updated Apr 7, 2026

Simple Job Script Cross-Site Scripting via job_type_value Parameter

CVE-2019-25502

Description

Simple Job Script contains a cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the job_type_value parameter in the jobs endpoint. Attackers can craft requests with SVG payload injection to execute arbitrary JavaScript in victim browsers and steal session cookies or perform unauthorized actions.

Affected products

Niteosoft/Simple Job Scriptllm-fuzzy2 versions
(expand)+ 1 more
- (no CPE)
- (no CPE)range: 1.66

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.exploit-db.com/exploits/46612mitreexploit
www.vulncheck.com/advisories/simple-job-script-cross-site-scripting-via-job-type-value-parametermitrethird-party-advisory

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000