CVE-2024-51380

CVSS 3.1 Score 8.4 of 10 (high)

Details

Published Nov 5, 2024

Updated: Nov 6, 2024

CWE ID 79

Summary

CVE-2024-51380 is a Stored Cross-Site Scripting (XSS) vulnerability identified in the Properties Component of JATOS v3.9.3. An attacker can exploit this flaw by injecting malicious JavaScript into the UUID field of a study's properties. When an admin user accesses the study's properties, the injected script is executed in their browser, potentially granting unauthorized access or privilege escalation. This vulnerability poses a significant risk to admin users and could lead to serious security consequences. It is recommended that affected users update to the latest version of JATOS to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/z7XZNn
https://www.cve.org/CVERecord?id=CVE-2024-51380
https://nvd.nist.gov/vuln/detail/CVE-2024-51380

Back to Vulnerability Database

CVE-2024-51380

CVSS 3.1 Score 8.4 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations