XSS in Jhuckaby Cronicle
CVE-2026-39400
Cronicle is a multi-server task scheduler and runner, with a web-based front-end UI. Prior to 0.9.111, a non-admin user with create_events and run_events privileges can inject arbitrary JavaScript through job output fields (html.content, h…
Vulnerability class: XSS (Cross-Site Scripting)
EPSS: 0.000 (10.7th percentile)
Affected products
- Jhuckaby Cronicle — versions < 0.9.111
Weakness classification (CWE)
References
- https://github.com/jhuckaby/Cronicle/security/advisories/GHSA-36q6-pwxv-j545 (x_refsource_CONFIRM)