Simple Job Script Cross-Site Scripting Vulnerability

Vulnerability

A cross-site scripting (XSS) vulnerability has been identified in Simple Job Script versions through 1.66. This issue allows unauthenticated attackers to inject malicious scripts by manipulating the job_type_value parameter in the jobs endpoint. Exploitation involves crafting requests with SVG payloads that execute arbitrary JavaScript in the context of the victim's browser, potentially leading to the theft of session cookies or unauthorized actions.

Impact

Exploitation of this vulnerability allows for cross-site scripting, where injected scripts are executed in the context of the user's browser.

Reproduction

To reproduce this vulnerability, send a GET request to the jobs endpoint with the job_type_value parameter set to an SVG payload, such as an SVG image with an onload event.
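For defenders, the request pattern described above can be looked for in web server access logs. The following is an added example, not code from Simple Job Script or from this advisory: it flags requests whose job_type_value parameter decodes to markup or an inline event handler. The /jobs path, the combined log format and the sample lines are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote_plus

# Markup indicators: an opening tag, or an inline event handler such as onload=
MARKUP = re.compile(r"<\s*[a-z!/]|\bon[a-z]+\s*=", re.IGNORECASE)
# Request line inside a combined-format access log entry (assumed log format)
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample log lines; the /jobs path is an assumption, not taken from the advisory
SAMPLE_LOG = [
    '203.0.113.7 - - [04/Mar/2026:19:02:11 +0000] "GET /jobs?job_type_value=1 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [04/Mar/2026:19:02:40 +0000] "GET /jobs?job_type_value=%3Csvg%20onload%3Dalert(1)%3E HTTP/1.1" 200 5342',
    '203.0.113.9 - - [04/Mar/2026:19:03:02 +0000] "GET /jobs?job_type_value=%253Csvg%2520onload%253Dalert(1)%253E HTTP/1.1" 200 5342',
    '198.51.100.4 - - [04/Mar/2026:19:04:15 +0000] "GET /jobs?keyword=nurse HTTP/1.1" 200 4980',
]

def decode_fully(value, rounds=3):
    """Undo repeated percent-encoding so double-encoded markup is still seen."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_job_type_values(log_lines):
    """Return (line_number, decoded_value) for requests whose job_type_value carries markup."""
    hits = []
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST.search(line)
        if not match:
            continue
        query = urlsplit(match.group(1)).query
        # parse_qs performs the first round of percent-decoding
        for value in parse_qs(query, keep_blank_values=True).get("job_type_value", []):
            decoded = decode_fully(value)
            if MARKUP.search(decoded):
                hits.append((number, decoded))
    return hits

if __name__ == "__main__":
    for number, value in suspicious_job_type_values(SAMPLE_LOG):
        print(f"line {number}: job_type_value decodes to {value!r}")
```

A hit shows that a request carried markup in the parameter, not that a browser executed it; confirming that requires checking whether the response reflected the value unencoded.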

Added: Mar 4, 2026, 7:02 PM
Updated: Mar 4, 2026, 7:02 PM

Vulnerability Rating

Custom Algorithm

spread: 1.0
impact: 3.5
exploitability: 7.7
remediation: 0.0
relevance: 3.5
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.