Lucene search
K

6 matches found

RedhatCVE
RedhatCVE
added 2026/04/15 7:24 p.m.7 views

CVE-2026-39400

Cronicle is a multi-server task scheduler and runner, with a web based front-end UI. Prior to 0.9.111, a non-admin user with createevents and runevents privileges can inject arbitrary JavaScript through job output fields html.content, html.title, table.header, table.rows, table.caption. The serve...

6.1CVSS5.9AI score0.00171EPSS
Exploits1References1
NVD
NVD
added 2026/04/07 9:17 p.m.3 views

CVE-2026-39400

Cronicle is a multi-server task scheduler and runner, with a web based front-end UI. Prior to 0.9.111, a non-admin user with createevents and runevents privileges can inject arbitrary JavaScript through job output fields html.content, html.title, table.header, table.rows, table.caption. The serve...

6.1CVSS0.00171EPSS
Exploits1References1
CVE
CVE
added 2026/04/07 8:22 p.m.10 views

CVE-2026-39400

Cronicle suffers a Stored XSS vulnerability in versions before 0.9.111. A non-admin user with create_events and run_events privileges can inject arbitrary JavaScript through job output fields (html.content, html.title, table.header, table.rows, table.caption). The server stores this data without ...

6.1CVSS6AI score0.00171EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2026/04/07 8:22 p.m.17 views

CVE-2026-39400 Stored XSS via Job HTML/Table Output in Cronicle

Cronicle is a multi-server task scheduler and runner, with a web based front-end UI. Prior to 0.9.111, a non-admin user with createevents and runevents privileges can inject arbitrary JavaScript through job output fields html.content, html.title, table.header, table.rows, table.caption. The serve...

5.3CVSS0.00171EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/04/07 8:22 p.m.4 views

CVE-2026-39400 Stored XSS via Job HTML/Table Output in Cronicle

Cronicle is a multi-server task scheduler and runner, with a web based front-end UI. Prior to 0.9.111, a non-admin user with createevents and runevents privileges can inject arbitrary JavaScript through job output fields html.content, html.title, table.header, table.rows, table.caption. The serve...

5.3CVSS5.9AI score0.00171EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/04/07 12:0 a.m.4 views

PT-2026-31019

Cronicle is a multi-server task scheduler and runner, with a web based front-end UI. Prior to 0.9.111, a non-admin user with create events and run events privileges can inject arbitrary JavaScript through job output fields html.content, html.title, table.header, table.rows, table.caption. The...

5.3CVSS6AI score0.00171EPSS
Exploits1References4
Rows per page
Query Builder