CVE-2024-51379 — HIGH (8.4)

Vulnerability Description

Stored Cross-Site Scripting (XSS) vulnerability discovered in JATOS v3.9.3. The vulnerability exists in the description component of the study section, where an attacker can inject JavaScript into the description field. This allows for the execution of malicious scripts when an admin views the description, potentially leading to account takeover and unauthorized actions.

CVSS Score

8.4

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Jatos	Jatos	3.9.3

Related Weaknesses (CWE)

CWE-79

References

https://hacking-notes.medium.com/cve-2024-51379-jatos-v3-9-3-stored-xss-descriptExploitThird Party Advisory

FAQ

What is CVE-2024-51379?

CVE-2024-51379 is a vulnerability with a CVSS score of 8.4 (HIGH). Stored Cross-Site Scripting (XSS) vulnerability discovered in JATOS v3.9.3. The vulnerability exists in the description component of the study section, where an attacker can inject JavaScript into the...

How severe is CVE-2024-51379?

CVE-2024-51379 has been rated HIGH with a CVSS base score of 8.4/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2024-51379?

Check the references section above for vendor advisories and patch information. Affected products include: Jatos Jatos.