VYPR
Unrated severityNVD Advisory· Published Mar 4, 2026· Updated Apr 7, 2026

Simple Job Script Cross-Site Scripting via job_type_value Parameter

CVE-2019-25502

Description

Simple Job Script contains a cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the job_type_value parameter in the jobs endpoint. Attackers can craft requests with SVG payload injection to execute arbitrary JavaScript in victim browsers and steal session cookies or perform unauthorized actions.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.