exploitDog

CVE-2024-51379

Опубликовано: 05 нояб. 2024

Источник: nvd

CVSS3: 8.4

EPSS Низкий

Описание

Stored Cross-Site Scripting (XSS) vulnerability discovered in JATOS v3.9.3. The vulnerability exists in the description component of the study section, where an attacker can inject JavaScript into the description field. This allows for the execution of malicious scripts when an admin views the description, potentially leading to account takeover and unauthorized actions.

Ссылки

https://hacking-notes.medium.com/cve-2024-51379-jatos-v3-9-3-stored-xss-description-component-de49d0077a96
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:jatos:jatos:3.9.3:*:*:*:*:*:*:*

EPSS

Процентиль: 28%

0.00101

Низкий

8.4 High

CVSS3

Дефекты

CWE-79

Связанные уязвимости

GHSA-w9pr-cvj2-cxfc

CVSS3: 8.4

github

больше 1 года назад

Stored Cross-Site Scripting (XSS) vulnerability discovered in JATOS v3.9.3. The vulnerability exists in the description component of the study section, where an attacker can inject JavaScript into the description field. This allows for the execution of malicious scripts when an admin views the description, potentially leading to account takeover and unauthorized actions.

EPSS

Процентиль: 28%

0.00101

Низкий

8.4 High

CVSS3

Дефекты

CWE-79