CVE-2024-51380

Stored Cross-Site Scripting XSS vulnerability discovered in the Properties Component of JATOS v3.9.3. This flaw allows an attacker to inject malicious JavaScript into the properties section of a study, specifically within the UUID field. When an admin user accesses the study's properties, the...

CVE-2024-51380

Stored Cross-Site Scripting XSS vulnerability discovered in the Properties Component of JATOS v3.9.3. This flaw allows an attacker to inject malicious JavaScript into the properties section of a study, specifically within the UUID field. When an admin user accesses the study's properties, the...

PT-2024-34615 · Jatos · Jatos

Name of the Vulnerable Software and Affected Versions: JATOS version 3.9.3 Description: A Stored Cross-Site Scripting XSS issue was found in the Properties Component, allowing an attacker to inject malicious JavaScript into the properties section of a study, specifically within the UUID field. Wh...

CVE-2024-51380

Stored Cross-Site Scripting XSS vulnerability discovered in the Properties Component of JATOS v3.9.3. This flaw allows an attacker to inject malicious JavaScript into the properties section of a study, specifically within the UUID field. When an admin user accesses the study's properties, the...

Properties Component for Joomla! 'aid' Parameter SQLi

The version of the Properties component for Joomla! running on the remote host is affected by a SQL injection vulnerability due to improper sanitization of user-supplied input to the 'aid' parameter before using it to construct database queries. Regardless of the PHP 'magicquotesgpc' setting, an...