Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
prionPRIOn knowledge basePRION:CVE-2023-37272
HistoryJul 13, 2023 - 11:15 p.m.

Design/Logic Flaw

2023-07-1323:15:00
PRIOn knowledge base
www.prio-n.com
4
xss vulnerability
file upload
high risk
js1 branch
release 1.13.19
jobscheduler
open source.

5.3 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

18.1%

JSON

JS7 is an Open Source Job Scheduler. Users specify file names when uploading files holding user-generated documentation for JOC Cockpit. Specifically crafted file names allow an XSS attack to inject code that is executed with the browser. Risk of the vulnerability is considered high for branch 1.13 of JobScheduler (JS1). The vulnerability does not affect branch 2.x of JobScheduler (JS7) for releases after 2.1.0. The vulnerability is resolved with release 1.13.19.

CPENameOperatorVersion
jobschedulerlt1.13.19

Related

cvelist 1
nvd 1
cve 1
osv 1
cvelist
cvelist
CVE-2023-37272 XSS vulnerability in JOC Cockpit branch 1.13
2023-07-13 22:28:34
nvd
nvd
CVE-2023-37272
2023-07-13 23:15:10
cve
cve
CVE-2023-37272
2023-07-13 23:15:10
osv
osv
CVE-2023-37272
2023-07-13 23:15:10

5.3 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

18.1%

JSON
Related for PRION:CVE-2023-37272
cvelist1nvd1cve1osv1