2 matches found
CVE-2025-56313
A Reflected Cross-Site Scripting (XSS) vulnerability was discovered in the /publix/run endpoint of JATOS 3.7.1 through 3.9.6 inclusive. This allows remote attackers to execute arbitrary JavaScript in a user's web browser by including a malicious payload in the "code" URL parameter. When an...
CVE-2025-56313
CVE-2025-56313: A reflected XSS in JATOS (versions 3.7.1–3.9.6) affects the /publix/run endpoint where a malicious payload placed in the URL parameter “code” can execute in an authenticated admin’s browser. Root cause: insufficient input filtering on the code parameter. Impact: potential unautho...