Lucene search
K

54 matches found

NVD
NVD
added 2024/11/05 7:15 p.m.26 views

CVE-2024-51379

Stored Cross-Site Scripting XSS vulnerability discovered in JATOS v3.9.3. The vulnerability exists in the description component of the study section, where an attacker can inject JavaScript into the description field. This allows for the execution of malicious scripts when an admin views the...

8.4CVSS0.00591EPSS
Exploits1References1
NVD
NVD
added 2024/11/05 7:15 p.m.24 views

CVE-2024-51381

Cross-Site Request Forgery CSRF vulnerability in JATOS v3.9.3 that allows attackers to perform actions reserved for administrators, including creating admin accounts. This critical flaw can lead to unauthorized activities, compromising the security and integrity of the platform, especially if an...

8.4CVSS0.00232EPSS
Exploits1References1
NVD
NVD
added 2024/11/05 7:15 p.m.12 views

CVE-2024-51382

Cross-Site Request Forgery CSRF vulnerability in JATOS v3.9.3 allows an attacker to reset the administrator's password. This critical security flaw can result in unauthorized access to the platform, enabling attackers to hijack admin accounts and compromise the integrity and security of the syste...

8.4CVSS0.00232EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2024/11/05 12:0 a.m.4 views

PT-2024-34614 · Jatos · Jatos

Name of the Vulnerable Software and Affected Versions: JATOS version 3.9.3 Description: A Stored Cross-Site Scripting XSS issue has been found, where an attacker can inject JavaScript into the description field of the study section. This allows malicious scripts to run when an admin views the...

8.4CVSS5.5AI score0.00591EPSS
Exploits1References6
CNNVD
CNNVD
added 2024/11/05 12:0 a.m.5 views

JATOS 安全漏洞

JATOS is an online learning tool from JATOS Open Source. A security vulnerability exists in JATOS version v3.9.3. An attacker exploiting this vulnerability could perform administrator-only operations, including creating an administrator account...

8.4CVSS6.7AI score0.00232EPSS
Exploits1References1
CNNVD
CNNVD
added 2024/11/05 12:0 a.m.4 views

JATOS 安全漏洞

JATOS is an online learning tool from JATOS Open Source. A security vulnerability exists in JATOS version v3.9.3. An attacker exploiting this vulnerability could hijack the administrator account and compromise the integrity and security of the system...

8.4CVSS6.7AI score0.00232EPSS
Exploits1References1
Cvelist
Cvelist
added 2024/11/05 12:0 a.m.15 views

CVE-2024-51380

Stored Cross-Site Scripting XSS vulnerability discovered in the Properties Component of JATOS v3.9.3. This flaw allows an attacker to inject malicious JavaScript into the properties section of a study, specifically within the UUID field. When an admin user accesses the study's properties, the...

0.00467EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2024/11/05 12:0 a.m.10 views

CVE-2024-51379

Stored Cross-Site Scripting XSS vulnerability discovered in JATOS v3.9.3. The vulnerability exists in the description component of the study section, where an attacker can inject JavaScript into the description field. This allows for the execution of malicious scripts when an admin views the...

5.6AI score0.00591EPSS
Exploits1References1
CNNVD
CNNVD
added 2024/11/05 12:0 a.m.5 views

JATOS 安全漏洞

JATOS is an online learning tool from JATOS Open Source. A security vulnerability exists in JATOS version v3.9.3. An attacker can elevate privileges by exploiting the vulnerability...

8.4CVSS6.8AI score0.00467EPSS
Exploits1References1
Cvelist
Cvelist
added 2024/11/05 12:0 a.m.23 views

CVE-2024-51381

Cross-Site Request Forgery CSRF vulnerability in JATOS v3.9.3 that allows attackers to perform actions reserved for administrators, including creating admin accounts. This critical flaw can lead to unauthorized activities, compromising the security and integrity of the platform, especially if an...

0.00232EPSS
Exploits1References1
CVE
CVE
added 2024/11/05 12:0 a.m.51 views

CVE-2024-51382

The CVE-2024-51382 issue affects JATOS v3.9.3 and is described as a Cross-Site Request Forgery (CSRF) vulnerability that allows an attacker to reset the administrator password . This could lead to unauthorized admin access and compromise the platform’s integrity and security. Roots: CSRF in the p...

8.4CVSS7.1AI score0.00232EPSS
Exploits1References1Affected Software1
Positive Technologies
Positive Technologies
added 2024/11/05 12:0 a.m.4 views

PT-2024-34617 · Jatos · Jatos

Name of the Vulnerable Software and Affected Versions: JATOS version 3.9.3 Description: A Cross-Site Request Forgery CSRF issue allows an attacker to reset the administrator's password, resulting in unauthorized access to the platform. This can enable attackers to hijack admin accounts and...

8.4CVSS6.5AI score0.00232EPSS
Exploits1References6
CNNVD
CNNVD
added 2024/11/05 12:0 a.m.5 views

JATOS 安全漏洞

JATOS is an online learning tool from JATOS Open Source. A security vulnerability exists in JATOS version v3.9.3. An attacker exploiting the vulnerability could inject JavaScript into the description field...

8.4CVSS6.4AI score0.00591EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2024/11/05 12:0 a.m.12 views

CVE-2024-51382

Cross-Site Request Forgery CSRF vulnerability in JATOS v3.9.3 allows an attacker to reset the administrator's password. This critical security flaw can result in unauthorized access to the platform, enabling attackers to hijack admin accounts and compromise the integrity and security of the syste...

7AI score0.00232EPSS
Exploits1References1
Cvelist
Cvelist
added 2024/11/05 12:0 a.m.31 views

CVE-2024-51379

Stored Cross-Site Scripting XSS vulnerability discovered in JATOS v3.9.3. The vulnerability exists in the description component of the study section, where an attacker can inject JavaScript into the description field. This allows for the execution of malicious scripts when an admin views the...

0.00591EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2024/11/05 12:0 a.m.5 views

PT-2024-34615 · Jatos · Jatos

Name of the Vulnerable Software and Affected Versions: JATOS version 3.9.3 Description: A Stored Cross-Site Scripting XSS issue was found in the Properties Component, allowing an attacker to inject malicious JavaScript into the properties section of a study, specifically within the UUID field. Wh...

8.4CVSS5.3AI score0.00467EPSS
Exploits1References6
Vulnrichment
Vulnrichment
added 2024/11/05 12:0 a.m.16 views

CVE-2024-51380

Stored Cross-Site Scripting XSS vulnerability discovered in the Properties Component of JATOS v3.9.3. This flaw allows an attacker to inject malicious JavaScript into the properties section of a study, specifically within the UUID field. When an admin user accesses the study's properties, the...

5.4AI score0.00467EPSS
Exploits1References1
CVE
CVE
added 2024/11/05 12:0 a.m.62 views

CVE-2024-51379

CVE-2024-51379: Stored XSS in JATOS v3.9.3 (description component of the study section) enables an attacker to inject JavaScript that executes when an admin views the description, potentially leading to account takeover; description notes the vulnerability but does not specify a patch in the prov...

8.4CVSS5.6AI score0.00591EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2024/11/05 12:0 a.m.64 views

CVE-2024-51381

Summary: CVE-2024-51381 is a CSRF flaw in JATOS v3.9.3 that lets attackers perform administrator-only actions, including creating admin accounts. The Red Hat, NVD, OSV, CNNVD, and CVE records corroborate the issue across sources. Affected component/version: JATOS 3.9.3. Root cause / nature: Cross...

8.4CVSS7.2AI score0.00232EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2024/11/05 12:0 a.m.14 views

CVE-2024-51382

Cross-Site Request Forgery CSRF vulnerability in JATOS v3.9.3 allows an attacker to reset the administrator's password. This critical security flaw can result in unauthorized access to the platform, enabling attackers to hijack admin accounts and compromise the integrity and security of the syste...

0.00232EPSS
Exploits1References1
Rows per page
Query Builder