CVE-2024-51379

CVSS 3.1 Score 8.4 of 10 (high)

Details

Published Nov 5, 2024

Updated: Nov 6, 2024

CWE ID 79

Summary

CVE-2024-51379 is a stored Cross-Site Scripting (XSS) vulnerability identified in JATOS v3.9.3. The flaw lies within the description component of the study section, which allows an attacker to inject malicious JavaScript code into the description field. This can be exploited when an administrator views the description, resulting in the execution of malicious scripts. The attacker may gain unauthorized access to accounts or perform unintended actions.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/z7XrCQ
https://www.cve.org/CVERecord?id=CVE-2024-51379
https://nvd.nist.gov/vuln/detail/CVE-2024-51379

Back to Vulnerability Database

CVE-2024-51379

CVSS 3.1 Score 8.4 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations