CVE-2019-25502
Cross-Site Scripting in Simple Job Script Jobs Endpoint
Publication date: 2026-03-04
Last updated on: 2026-03-05
Assigner: VulnCheck
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| simplejobscript | simplejobscript | up to and including 1.66 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2019-25502 is a cross-site scripting (XSS) vulnerability in Simple Job Script versions up to 1.66. It occurs because the application does not properly neutralize input in the job_type_value parameter of the jobs endpoint.
Unauthenticated attackers can inject malicious SVG payloads through this parameter, which causes arbitrary JavaScript to execute in the browsers of users who visit the affected pages.
This can lead to attackers stealing session cookies or performing unauthorized actions on behalf of the victim.
How can this vulnerability impact me?
This vulnerability can impact you by allowing attackers to execute arbitrary JavaScript in your browser when you interact with the affected application.
- Attackers can steal your session cookies, potentially hijacking your authenticated sessions.
- They can perform unauthorized actions on your behalf within the application.
Overall, this can lead to loss of control over your account and exposure of sensitive information.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability involves injection of malicious SVG payloads via the job_type_value parameter in the jobs endpoint of Simple Job Script. Detection involves monitoring HTTP requests to this endpoint for suspicious or unexpected SVG or script content.
You can detect attempts to exploit this vulnerability by inspecting web server logs or using network monitoring tools to filter requests containing the job_type_value parameter with suspicious payloads.
- Use tools like curl or wget to manually test the jobs endpoint by sending crafted requests with SVG payloads to see if the application improperly executes scripts.
- Example curl command to test injection: `curl -X POST 'http://yourserver/jobs' -d 'job_type_value=<svg/onload=alert(1)>'`
- Use web application scanners or proxy tools (e.g., OWASP ZAP, Burp Suite) to automate detection of XSS vulnerabilities targeting the job_type_value parameter. [1]
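As an added illustration of the log-inspection approach described above (example code written for this page, not part of the original entry and not Simple Job Script's code), the following Python script scans Apache-style access-log lines for requests to /jobs whose job_type_value parameter contains HTML tags, event-handler attributes or javascript: URLs once percent-encoding has been undone. The log lines, client addresses and timestamps are constructed samples; the only payload used is the one already quoted on this page.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed sample access-log lines (combined-log style); not real traffic.
# Line 2 carries the page's SVG payload percent-encoded once, line 4 carries it
# percent-encoded twice, the rest are benign job-type filters or unrelated paths.
SAMPLE_LOG = """\
203.0.113.10 - - [04/Mar/2026:10:01:02 +0000] "GET /jobs?job_type_value=full-time HTTP/1.1" 200 5120
203.0.113.11 - - [04/Mar/2026:10:01:09 +0000] "GET /jobs?job_type_value=%3Csvg%2Fonload%3Dalert%281%29%3E HTTP/1.1" 200 5187
203.0.113.12 - - [04/Mar/2026:10:02:30 +0000] "GET /jobs?job_type_value=part-time&page=2 HTTP/1.1" 200 4980
203.0.113.13 - - [04/Mar/2026:10:03:01 +0000] "GET /jobs?job_type_value=%253Csvg%252Fonload%253Dalert%25281%2529%253E HTTP/1.1" 200 5190
203.0.113.14 - - [04/Mar/2026:10:03:44 +0000] "GET /jobs?job_type_value=Senior%20Engineer%20%28Remote%29 HTTP/1.1" 200 5010
203.0.113.15 - - [04/Mar/2026:10:04:12 +0000] "POST /jobs HTTP/1.1" 200 5187
203.0.113.16 - - [04/Mar/2026:10:04:40 +0000] "GET /about HTTP/1.1" 200 2210
"""

# Fields we need from each line: client IP, timestamp, method, request target.
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)

# Indicators that a job-type filter value contains markup rather than a label.
XSS_INDICATORS = [
    (re.compile(r'<\s*(svg|script|img|iframe|object|embed|math)\b', re.I), "html tag in parameter"),
    (re.compile(r'\bon[a-z]+\s*=', re.I), "event handler attribute"),
    (re.compile(r'javascript\s*:', re.I), "javascript: URL"),
]


def decode_fully(value, rounds=3):
    """Undo repeated percent-encoding so that %253C is inspected as '<'."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def inspect_value(value):
    """Return the list of indicator names that match the decoded value."""
    decoded = decode_fully(value)
    return [reason for pattern, reason in XSS_INDICATORS if pattern.search(decoded)]


def find_suspicious(log_text, param="job_type_value", path="/jobs"):
    """Scan access-log text and report requests whose query-string `param`
    on `path` trips one or more indicators."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_LINE.match(line)
        if not m:
            continue
        parts = urlsplit(m["target"])
        if parts.path != path:
            continue
        # parse_qs decodes one layer; decode_fully inside inspect_value handles the rest.
        for raw in parse_qs(parts.query, keep_blank_values=True).get(param, []):
            reasons = inspect_value(raw)
            if reasons:
                hits.append({"ip": m["ip"], "ts": m["ts"],
                             "value": decode_fully(raw), "reasons": reasons})
    return hits


if __name__ == "__main__":
    for hit in find_suspicious(SAMPLE_LOG):
        print(f'{hit["ts"]} {hit["ip"]} job_type_value={hit["value"]!r} -> {", ".join(hit["reasons"])}')
```

Access logs record only the request line, so a payload sent in a POST body (as in the curl command above) is invisible here; the sixth sample line shows such a request producing no hit. Catching that case needs request-body logging at a reverse proxy or WAF, after which the same inspect_value check can be applied to the decoded form field.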
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include:
- Validate and sanitize all input to the job_type_value parameter to prevent injection of malicious scripts.
- Apply available patches or updates, upgrading Simple Job Script to a version later than 1.66 in which this vulnerability is fixed.
- Implement Content Security Policy (CSP) headers to restrict execution of unauthorized scripts in browsers.
- Monitor and block suspicious requests targeting the jobs endpoint, especially those containing SVG or script payloads.
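To make the sanitization and CSP steps concrete, here is an added Python illustration (not Simple Job Script's code; the allowlist of job types, the page fragment and the handler shape are assumptions) that places an echo of job_type_value reproducing the flaw beside a handler which validates the value against an allowlist, HTML-encodes it on output, and sends a Content-Security-Policy header that disallows inline script.

```python
import html

# Assumed allowlist of job types the application accepts; not taken from
# Simple Job Script's code base.
KNOWN_JOB_TYPES = {"full-time", "part-time", "contract", "internship"}

# Defense in depth: no 'unsafe-inline', so an injected onload= handler would
# not run even if output encoding were missed somewhere else.
CSP_HEADER = {
    "Content-Security-Policy":
        "default-src 'self'; script-src 'self'; object-src 'none'; base-uri 'self'"
}


def render_job_type_unsafe(job_type_value):
    """Reproduces the pattern behind CVE-2019-25502: the parameter is echoed
    straight into the page, so markup inside it becomes live HTML."""
    return f"<h2>Jobs: {job_type_value}</h2>"


def render_job_type_safe(job_type_value):
    """Hardened rendering: encode for the HTML text context before echoing.
    '<' becomes '&lt;', so the browser displays the characters instead of
    parsing an element."""
    return f"<h2>Jobs: {html.escape(job_type_value, quote=True)}</h2>"


def validate_job_type(job_type_value):
    """Input validation: return the value only if it is a known job type,
    otherwise None."""
    return job_type_value if job_type_value in KNOWN_JOB_TYPES else None


def handle_jobs_request(params):
    """Minimal /jobs handler combining validation, output encoding and CSP.
    `params` is a dict of already-decoded query or form fields (hypothetical
    framework input); returns (status, headers, body)."""
    raw = params.get("job_type_value", "")
    job_type = validate_job_type(raw)
    if job_type is None:
        # Unknown value: refuse it and do not echo it back at all.
        return 400, dict(CSP_HEADER), "<p>Unknown job type.</p>"
    # Even an allowlisted value goes through encoding: the two controls are
    # independent, so a later change to the allowlist cannot reopen the hole.
    return 200, dict(CSP_HEADER), render_job_type_safe(job_type)


if __name__ == "__main__":
    payload = "<svg/onload=alert(1)>"   # the payload quoted on this page
    print("vulnerable:", render_job_type_unsafe(payload))
    print("encoded:   ", render_job_type_safe(payload))
    print("handler:   ", handle_jobs_request({"job_type_value": payload}))
```

The encoded output keeps the user-supplied text visible in the page while stripping its meaning as markup, which is the property the fix needs; the allowlist and the CSP header are the additional layers the mitigation list recommends, and each remains effective if one of the others is bypassed.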