CVE-2019-25502 MEDIUM

CVE-2019-25502: Simple Job Script Cross-Site Scripting via job_type_value Parameter

Vendor Niteosoft
Product Simple Job Script
Weakness CWE-79 · XSS
Published March 4, 2026
Last update May 24, 2026

CVSS base score

5.1/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

What the vulnerability does

01Description

Simple Job Script contains a cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the job_type_value parameter in the jobs endpoint. Attackers can craft requests with SVG payload injection to execute arbitrary JavaScript in victim browsers and steal session cookies or perform unauthorized actions.

Key dates

02Disclosure timeline

March 4, 2026 CVE published
May 24, 2026 Record updated