CVE-2024-51379

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2024-51379

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-51379.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-51379

Published

2024-11-05T19:15:07.373Z

Modified

2026-04-10T05:14:48.428601Z

Severity

8.4 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

Stored Cross-Site Scripting (XSS) vulnerability discovered in JATOS v3.9.3. The vulnerability exists in the description component of the study section, where an attacker can inject JavaScript into the description field. This allows for the execution of malicious scripts when an admin views the description, potentially leading to account takeover and unauthorized actions.

References

https://hacking-notes.medium.com/cve-2024-51379-jatos-v3-9-3-stored-xss-description-component-de49d0077a96

Affected packages

Git / github.com/jatos/jatos

Affected ranges

Type

GIT

Repo

https://github.com/jatos/jatos

Events

Introduced

Last affected

694d15402ee5e3853f05f48ffe38bb612e7a1804

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "3.9.3"
        }
    ]
}

Affected versions

g3.*

g3.5.4

v1.*

v1.0alpha

v1.1.1-alpha

v1.1.10-beta

v1.1.11-beta

v1.1.2-alpha

v1.1.3-beta

v1.1.4-beta

v1.1.5-beta

v1.1.6-beta

v1.1.7-beta

v1.1.8-beta

v1.1.9-beta

v1.1alpha

v2.*

v2.1.1-alpha

v2.1.10-beta

v2.1.11-beta

v2.1.12-beta

v2.1.2-alpha

v2.1.3-alpha

v2.1.4-alpha

v2.1.5-beta

v2.1.6-beta

v2.1.7-beta

v2.1.8-beta

v2.1.9-beta

v2.2.1-beta

v2.2.2

v2.2.3

v2.2.4

v2.2.5

v3.*

v3.1.1-beta

v3.1.10

v3.1.11

v3.1.12

v3.1.2-beta

v3.1.3

v3.1.4

v3.1.5

v3.1.6

v3.1.7

v3.1.8

v3.1.9

v3.2.1

v3.2.2

v3.2.3

v3.3.1

v3.3.2

v3.3.3

v3.4.1

v3.4.2

v3.5.1

v3.5.2

v3.5.3

v3.5.4

v3.5.5

v3.5.6-alpha

v3.7.1

v3.7.1-alpha

v3.7.2

v3.7.3

v3.7.4

v3.7.4-alpha

v3.7.5

v3.8.1

v3.8.1-alpha

v3.8.2

v3.8.3

v3.8.4

v3.8.5

v3.8.5-alpha

v3.9.1

v3.9.1-alpha

v3.9.2

v3.9.3

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-51379.json"