2 matches found
CVE-2020-6854
A cross-site scripting XSS vulnerability in the JOC Cockpit component of SOS JobScheduler 1.11 and 1.13.2 allows attackers to inject arbitrary web script or HTML via JSON properties available from the REST API...
CVE-2020-6854
The provided connected documents confirm a cross-site scripting (XSS) vulnerability in the SOS JobScheduler JOC Cockpit component, affecting versions 1.11 and 1.13.2. The root cause is input handling that allows JSON properties from the REST API to be interpreted as executable client-side script ...