CVE-2019-25499

Simple Job Script contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the jobid parameter. Attackers can send POST requests to getjobapplicationsajax.php with malicious jobid values to bypass authentication,...

CVE-2019-25499

Simple Job Script contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the jobid parameter. Attackers can send POST requests to getjobapplicationsajax.php with malicious jobid values to bypass authentication,...

CVE-2019-25499

CVE-2019-25499 affects the Simple Job Script and allows unauthenticated SQL injection via the job_id parameter in get_job_applications_ajax.php. The vulnerability enables manipulation of database queries, potentially bypassing authentication and exposing or altering data. CVSS metrics indicate hi...

Simplejobscript SQL注入漏洞

Simplejobscript is a free worksheet software developed by Niteosoft. Simplejobscript has a SQL injection vulnerability. This vulnerability stems from the SQL injection in the jobid parameter, which could allow unverified attackers to manipulate database queries, extract sensitive data, or modify...

CVE-2025-54965

An XSS issue was discovered in BAE SOCET GXP before 4.6.0.2. The SOCET GXP Job Status Service does not properly sanitize the job ID parameter before using it in the job status page. An attacker who is able to social engineer a user into clicking a malicious link may be able to execute arbitrary...

CVE-2025-54965

An XSS issue was discovered in BAE SOCET GXP before 4.6.0.2. The SOCET GXP Job Status Service does not properly sanitize the job ID parameter before using it in the job status page. An attacker who is able to social engineer a user into clicking a malicious link may be able to execute arbitrary...

CVE-2025-54965

An XSS issue was discovered in BAE SOCET GXP before 4.6.0.2. The SOCET GXP Job Status Service does not properly sanitize the job ID parameter before using it in the job status page. An attacker who is able to social engineer a user into clicking a malicious link may be able to execute arbitrary...

PT-2025-43993

Name of the Vulnerable Software and Affected Versions BAE SOCET GXP versions prior to 4.6.0.2 Description An XSS issue exists in the SOCET GXP Job Status Service. The service does not properly sanitize the job ID parameter before using it in the job status page. An attacker may be able to execute...

BAE Systems SOCET GXP 安全漏洞

BAE Systems SOCET GXP is a high-end geographic information image analysis and mapping software from BAE Systems. A security vulnerability exists in BAE Systems SOCET GXP versions prior to 4.6.0.2, which stems from the Job Status Service not properly clearing the job ID parameter, which could lead...

EUVD-2021-24933

Malware in sbrugna...

CVE-2025-20366

In Splunk Enterprise versions below 9.4.4, 9.3.6, and 9.2.8, and Splunk Cloud Platform versions below 9.3.2411.111, 9.3.2408.119, and 9.2.2406.122, a low-privileged user that does not hold the admin or power Splunk roles could access sensitive search results if Splunk Enterprise runs an...

CVE-2023-7049

CVE-2023-7049 affects the Custom Field For WP Job Manager WordPress plugin. It enables insecure direct object access via the cm_fieldshow shortcode, due to missing validation of the job_id parameter. All versions up to 1.2 are affected. Exploitation requires authenticated access at contributor le...

PT-2024-12915 · Unknown · Code-Projects.Org Online Job Portal

Name of the Vulnerable Software and Affected Versions: code-projects.org Online Job Portal version 1.0 Description: The issue is related to SQL Injection. It can be exploited via the "/Employer/DeleteJob.php?JobId=1" API endpoint, specifically through the JobId variable. This allows for potential...

Online Job Portal Security Vulnerability

Online Job Portal is an online job portal for janobe individual developers. A security vulnerability exists in Online Job Portal that originates from an SQL injection attack via /Employer/DeleteJob.php?JobId=1...

EasyJobs < 1.4.8 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape the job-id parameter before outputting it back in a page, leading to a Reflected Cross-Site Scripting PoC https://example.com/wp-content/plugins/easyjobs/admin/partials/easyjobs-candidates-display.php?job-id=%22%3E%3Cimg/src/onerror=alert/XSS/%3E...

CVE-2021-25022

The UpdraftPlus WordPress Backup Plugin WordPress plugin before 1.16.66 does not sanitise and escape the backuptimestamp and jobid parameter before outputting then back in admin pages, leading to Reflected Cross-Site Scripting issues...

Spoofing

The scheduler service running on a specific TCP port enables the user to start and stop jobs. There is no sanitation of the supplied JOB ID provided to the function. An attacker may send a malicious payload that can enable the user to execute another SQL expression by sending a specific string...

CVE-2021-38481 AUVESY Versiondog

The scheduler service running on a specific TCP port enables the user to start and stop jobs. There is no sanitation of the supplied JOB ID provided to the function. An attacker may send a malicious payload that can enable the user to execute another SQL expression by sending a specific string...

CVE-2021-28970

eMPS 9.0.1.923211 on the Central Management of FireEye EX 3500 devices allows remote authenticated users to conduct SQL injection attacks via the jobid parameter to the email search feature. According to the vendor, the issue is fixed in 9.0.3...

CVE-2020-8645

An issue was discovered in Simplejobscript.com SJS through 1.66. There is an unauthenticated SQL injection via the job applications search function. The vulnerable parameter is jobid. The function is getJobApplicationsByJobId. The file is lib/class.JobApplication.php...