JS7 is an Open Source Job Scheduler. Users specify file names when uploading files holding user-generated documentation for JOC Cockpit. Specifically crafted file names allow an XSS attack to inject code that is executed with the browser. Risk of the vulnerability is considered high for branch 1.13 of JobScheduler (JS1). The vulnerability does not affect branch 2.x of JobScheduler (JS7) for releases after 2.1.0. The vulnerability is resolved with release 1.13.19.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: GitHub_M
Published: 2023-07-13T22:28:34.238Z
Updated: 2024-08-02T17:09:34.055Z
Reserved: 2023-06-29T19:35:26.440Z
Link: CVE-2023-37272
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2023-07-13T23:15:10.677
Modified: 2023-07-27T14:50:59.623
Link: CVE-2023-37272
Redhat
No data.