3 matches found
CVE-2023-37272
JS7 is an Open Source Job Scheduler. Users specify file names when uploading files holding user-generated documentation for JOC Cockpit. Specifically crafted file names allow an XSS attack to inject code that is executed with the browser. Risk of the vulnerability is considered high for branch 1....
CVE-2023-37272 XSS vulnerability in JOC Cockpit branch 1.13
JS7 is an Open Source Job Scheduler. Users specify file names when uploading files holding user-generated documentation for JOC Cockpit. Specifically crafted file names allow an XSS attack to inject code that is executed with the browser. Risk of the vulnerability is considered high for branch 1....
CVE-2023-37272
Summary (CVE-2023-37272) : The JOC Cockpit component of JobScheduler (JS7) is affected by a cross-site scripting (XSS) vulnerability that arises when users upload files containing user-generated documents and specify filenames crafted to inject code executed in the browser. The issue is present i...