54 matches found
CVE-2025-56313
A Reflected Cross-Site Scripting (XSS) vulnerability was discovered in the /publix/run endpoint of JATOS 3.7.1 through 3.9.6 inclusive. This allows remote attackers to execute arbitrary JavaScript in a user's web browser by including a malicious payload in the "code" URL parameter. When an...
EUVD-2025-37043
A Reflected Cross-Site Scripting (XSS) vulnerability was discovered in the /publix/run endpoint of JATOS 3.7.1 through 3.9.6 inclusive. This allows remote attackers to execute arbitrary JavaScript in a user's web browser by including a malicious payload in the "code" URL parameter. When an...
JATOS Security Vulnerability
JATOS is an online learning tool from JATOS Open Source. A security vulnerability exists in JATOS versions 3.7.1 through 3.9.6, which stems from the code parameter in the /publix/run endpoint not being filtered correctly, which could lead to a reflected cross-site scripting attack...
CVE-2025-56313
CVE-2025-56313 : A reflected XSS in JATOS (versions 3.7.1–3.9.6) affects the /publix/run endpoint where a malicious payload placed in the URL parameter “code” can execute in an authenticated admin’s browser. Root cause: insufficient input filtering on the code parameter. Impact: potential unautho...
PT-2025-44439
Name of the Vulnerable Software and Affected Versions: JATOS versions 3.7.1 through 3.9.6. Description: A Reflected Cross-Site Scripting (XSS) issue exists in JATOS. This allows remote attackers to execute arbitrary JavaScript in a user's web browser by including a malicious payload in the code URL...
EUVD-2022-52138
Malicious code in bioql PyPI...
CVE-2024-51379
Stored Cross-Site Scripting (XSS) vulnerability discovered in JATOS v3.9.3. The vulnerability exists in the description component of the study section, where an attacker can inject JavaScript into the description field. This allows for the execution of malicious scripts when an admin views the...
CVE-2024-55008
JATOS 3.9.4 contains a denial-of-service (DoS) vulnerability in the authentication system, where an attacker can prevent legitimate users from accessing their accounts by repeatedly sending multiple failed login attempts. Specifically, by submitting 3 incorrect login attempts every minute, the...
CVE-2024-51382
Cross-Site Request Forgery (CSRF) vulnerability in JATOS v3.9.3 allows an attacker to reset the administrator's password. This critical security flaw can result in unauthorized access to the platform, enabling attackers to hijack admin accounts and compromise the integrity and security of the syste...
CVE-2024-51381
Cross-Site Request Forgery (CSRF) vulnerability in JATOS v3.9.3 that allows attackers to perform actions reserved for administrators, including creating admin accounts. This critical flaw can lead to unauthorized activities, compromising the security and integrity of the platform, especially if an...
CVE-2022-4878
A vulnerability classified as critical has been found in JATOS. Affected is the function ZipUtil of the file modules/common/app/utils/common/ZipUtil.java of the component ZIP Handler. The manipulation leads to path traversal. Upgrading to version 3.7.5-alpha is able to address this issue. The nam...
CVE-2024-55008
CVE-2024-55008 concerns JATOS 3.9.4, where an authentication DoS can lock out user accounts. The document set confirms the vulnerability arises from the login flow: submitting 3 incorrect login attempts per minute can trigger an account-level lockout, affecting any user regardless of privileges, ...
JATOS Security Vulnerability
JATOS is an online learning tool from JATOS Open Source. A security vulnerability exists in JATOS version 3.9.4, which stems from the presence of a Denial of Service (DoS) vulnerability that allows an attacker to prevent a legitimate user from accessing their account by repeatedly sending multiple...