5 matches found
CVE-2024-51380
Stored Cross-Site Scripting XSS vulnerability discovered in the Properties Component of JATOS v3.9.3. This flaw allows an attacker to inject malicious JavaScript into the properties section of a study, specifically within the UUID field. When an admin user accesses the study's properties, the...
CVE-2024-51380
Stored Cross-Site Scripting XSS vulnerability discovered in the Properties Component of JATOS v3.9.3. This flaw allows an attacker to inject malicious JavaScript into the properties section of a study, specifically within the UUID field. When an admin user accesses the study's properties, the...
CVE-2024-51380
Stored Cross-Site Scripting XSS vulnerability discovered in the Properties Component of JATOS v3.9.3. This flaw allows an attacker to inject malicious JavaScript into the properties section of a study, specifically within the UUID field. When an admin user accesses the study's properties, the...
PT-2024-34615 · Jatos · Jatos
Name of the Vulnerable Software and Affected Versions: JATOS version 3.9.3 Description: A Stored Cross-Site Scripting XSS issue was found in the Properties Component, allowing an attacker to inject malicious JavaScript into the properties section of a study, specifically within the UUID field. Wh...
Properties Component for Joomla! 'aid' Parameter SQLi
The version of the Properties component for Joomla! running on the remote host is affected by a SQL injection vulnerability due to improper sanitization of user-supplied input to the 'aid' parameter before using it to construct database queries. Regardless of the PHP 'magicquotesgpc' setting, an...