High severity8.4NVD Advisory· Published Nov 5, 2024· Updated Jun 17, 2026
CVE-2024-51379
CVE-2024-51379
Description
Stored Cross-Site Scripting (XSS) vulnerability discovered in JATOS v3.9.3. The vulnerability exists in the description component of the study section, where an attacker can inject JavaScript into the description field. This allows for the execution of malicious scripts when an admin views the description, potentially leading to account takeover and unauthorized actions.
Affected products
1Patches
Vulnerability mechanics
References
1- hacking-notes.medium.com/cve-2024-51379-jatos-v3-9-3-stored-xss-description-component-de49d0077a96nvdExploitThird Party Advisory
News mentions
0No linked articles in our index yet.