CVSS Score of 10 (low)


Published Jul 13, 2023
Updated: Jul 27, 2023


CVE-2023-37272 is a vulnerability in the JS7 Open Source Job Scheduler. It allows an attacker to inject malicious code through specifically crafted file names when uploading user-generated documentation for JOC Cockpit, resulting in an XSS attack. The vulnerability poses a high risk to branch 1.13 of JobScheduler (JS1) but does not affect branch 2.x of JobScheduler (JS7) for releases after 2.1.0. The issue is resolved with the release of version 1.13.19. The vulnerability affects multiple products within the cyWCD* range, and it has a medium severity rating based on the CVSS score of 5.4-6.3, indicating low privileges required for exploitation and low impact on integrity and confidentiality.


Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2023-37272 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options