MidnightBSD

Advisories for sos

CVE-2014-5391 MEDIUM

Cross-site scripting (XSS) vulnerability in the JobScheduler Operations Center (JOC) in SOS JobScheduler before 1.6.4246 and 1.7.x before 1.7.4241 allows remote attackers to inject arbitrary web script or HTML via the hash property (location.hash).

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
sos jobscheduler 1.6.4014
sos jobscheduler *
sos jobscheduler 1.7.4177
sos jobscheduler 1.7.4189
sos jobscheduler 1.6.4043
CVE-2014-5392 MEDIUM

XML External Entity (XXE) vulnerability in JobScheduler before 1.6.4246 and 7.x before 1.7.4241 allows remote attackers to cause a denial of service and read arbitrary files or directories via a request containing an XML external entity declaration in conjunction with an entity reference.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sos jobscheduler 1.6.4014
sos jobscheduler *
sos jobscheduler 1.7.4177
sos jobscheduler 1.7.4189
sos jobscheduler 1.6.4043
CVE-2014-5393 MEDIUM

Directory traversal vulnerability in the JobScheduler Operations Center (JOC) in SOS JobScheduler before 1.6.4246 and 1.7.x before 1.7.4241 allows remote authenticated users with the info permission to read arbitrary files in the webroot via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
sos jobscheduler 1.6.4014
sos jobscheduler *
sos jobscheduler 1.7.4177
sos jobscheduler 1.7.4189
sos jobscheduler 1.6.4043