cvedb.io
CVE-2024-51379
HIGH · CVSS 8.4
EPSS exploitation probability: 0%
Published 2024-11-05T19:15:07.373 · Last modified 2026-06-17T08:05:39.370

Summary

A stored cross-site scripting (XSS) vulnerability exists in JATOS v3.9.3. The flaw is in the description component of the study section, where an attacker can inject JavaScript into the description field. The injected script executes when an admin views the description, potentially leading to account takeover and unauthorized actions.

Affected products

jatos — jatos

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.