Medium severity 6.3 · NVD Advisory · Published Jul 13, 2023 · Updated Jun 17, 2026
CVE-2023-37272
Description
JS7 is an Open Source Job Scheduler. Users specify file names when uploading files holding user-generated documentation for JOC Cockpit. Specially crafted file names allow an XSS attack that injects code which is executed in the browser. The risk of the vulnerability is considered high for branch 1.13 of JobScheduler (JS1). The vulnerability does not affect branch 2.x of JobScheduler (JS7) for releases after 2.1.0. The vulnerability is resolved with release 1.13.19.
Affected products
- (no CPE) range: branch 1.13, before 1.13.19
- (no CPE) range: < 1.13.19
References
- change.sos-berlin.com/browse/SET-226 (nvd: Patch, Vendor Advisory)
- github.com/sos-berlin/joc-cockpit/security/advisories/GHSA-qr44-gm3x-7hfc (nvd: Third Party Advisory)