CVE-2019-25502
Received Received - Intake
Cross-Site Scripting in Simple Job Script Jobs Endpoint

Publication date: 2026-03-04

Last updated on: 2026-03-05

Assigner: VulnCheck

Description
Simple Job Script contains a cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the job_type_value parameter in the jobs endpoint. Attackers can craft requests with SVG payload injection to execute arbitrary JavaScript in victim browsers and steal session cookies or perform unauthorized actions.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-04
Last Modified
2026-03-05
Generated
2026-06-16
AI Q&A
2026-03-04
EPSS Evaluated
2026-06-14
NVD
CVE-2019-25502
EUVD
EUVD-2019-19728
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
simplejobscript simplejobscript to 1.66 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-79 The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2019-25502 is a cross-site scripting (XSS) vulnerability in Simple Job Script versions up to 1.66. It occurs because the application does not properly neutralize input in the job_type_value parameter of the jobs endpoint.

Unauthenticated attackers can inject malicious SVG payloads through this parameter, which causes arbitrary JavaScript to execute in the browsers of users who visit the affected pages.

This can lead to attackers stealing session cookies or performing unauthorized actions on behalf of the victim.

Impact Analysis

This vulnerability can impact you by allowing attackers to execute arbitrary JavaScript in your browser when you interact with the affected application.

  • Attackers can steal your session cookies, potentially hijacking your authenticated sessions.
  • They can perform unauthorized actions on your behalf within the application.

Overall, this can lead to loss of control over your account and exposure of sensitive information.

Compliance Impact

I don't know

Detection Guidance

[{'type': 'paragraph', 'content': 'This vulnerability involves injection of malicious SVG payloads via the job_type_value parameter in the jobs endpoint of Simple Job Script. Detection involves monitoring HTTP requests to this endpoint for suspicious or unexpected SVG or script content.'}, {'type': 'paragraph', 'content': 'You can detect attempts to exploit this vulnerability by inspecting web server logs or using network monitoring tools to filter requests containing the job_type_value parameter with suspicious payloads.'}, {'type': 'list_item', 'content': 'Use tools like curl or wget to manually test the jobs endpoint by sending crafted requests with SVG payloads to see if the application improperly executes scripts.'}, {'type': 'list_item', 'content': "Example curl command to test injection: curl -X POST 'http://yourserver/jobs' -d 'job_type_value=<svg/onload=alert(1)>'"}, {'type': 'list_item', 'content': 'Use web application scanners or proxy tools (e.g., OWASP ZAP, Burp Suite) to automate detection of XSS vulnerabilities targeting the job_type_value parameter.'}] [1]

Mitigation Strategies

Immediate mitigation steps include validating and sanitizing all inputs to the job_type_value parameter to prevent injection of malicious scripts.

Apply available patches or updates to Simple Job Script to a version higher than 1.66 where this vulnerability is fixed.

Implement Content Security Policy (CSP) headers to restrict execution of unauthorized scripts in browsers.

Monitor and block suspicious requests targeting the jobs endpoint, especially those containing SVG or script payloads.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2019-25502. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart