Medium severity 6.3 · NVD Advisory · Published Jul 13, 2023 · Updated Jun 17, 2026

CVE-2023-37272

Description

JS7 is an Open Source Job Scheduler. Users specify file names when uploading files that hold user-generated documentation for JOC Cockpit. Specially crafted file names allow an XSS attack that injects code which is executed in the browser. The risk of the vulnerability is considered high for branch 1.13 of JobScheduler (JS1). The vulnerability does not affect branch 2.x of JobScheduler (JS7) for releases after 2.1.0. The vulnerability is resolved in release 1.13.19.

Affected products

  • sos-berlin/JOC Cockpit (2 versions)
    • (no CPE) range: branch 1.13, before 1.13.19
    • (no CPE) range: < 1.13.19
