Lucene search
K

7 matches found

RedhatCVE
RedhatCVE
added 2025/10/31 12:13 a.m.4 views

CVE-2025-56313

A Reflected Cross-Site Scripting XSS vulnerability was discovered in the /publix/run endpoint of JATOS 3.7.1 through 3.9.6 inclusive. This allows remote attackers to execute arbitrary JavaScript in a user's web browser by including a malicious payload in the "code" URL parameter. When an...

6.1CVSS6.2AI score0.0022EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/30 6:31 p.m.5 views

EUVD-2025-37043

A Reflected Cross-Site Scripting XSS vulnerability was discovered in the /publix/run endpoint of JATOS 3.7.1 through 3.9.6 inclusive. This allows remote attackers to execute arbitrary JavaScript in a user's web browser by including a malicious payload in the "code" URL parameter. When an...

6.1CVSS5.8AI score0.0022EPSS
Exploits0References3
NVD
NVD
added 2025/10/30 6:15 p.m.9 views

CVE-2025-56313

A Reflected Cross-Site Scripting XSS vulnerability was discovered in the /publix/run endpoint of JATOS 3.7.1 through 3.9.6 inclusive. This allows remote attackers to execute arbitrary JavaScript in a user's web browser by including a malicious payload in the "code" URL parameter. When an...

6.1CVSS0.0022EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/10/30 12:0 a.m.3 views

CVE-2025-56313

A Reflected Cross-Site Scripting XSS vulnerability was discovered in the /publix/run endpoint of JATOS 3.7.1 through 3.9.6 inclusive. This allows remote attackers to execute arbitrary JavaScript in a user's web browser by including a malicious payload in the "code" URL parameter. When an...

5.9AI score0.0022EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/10/30 12:0 a.m.12 views

CVE-2025-56313

A Reflected Cross-Site Scripting XSS vulnerability was discovered in the /publix/run endpoint of JATOS 3.7.1 through 3.9.6 inclusive. This allows remote attackers to execute arbitrary JavaScript in a user's web browser by including a malicious payload in the "code" URL parameter. When an...

0.0022EPSS
Exploits0References2
CVE
CVE
added 2025/10/30 12:0 a.m.15 views

CVE-2025-56313

CVE-2025-56313 : A reflected XSS in JATOS (versions 3.7.1–3.9.6) affects the /publix/run endpoint where a malicious payload placed in the URL parameter “code” can execute in an authenticated admin’s browser. Root cause: insufficient input filtering on the code parameter. Impact: potential unautho...

6.1CVSS5.9AI score0.0022EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/10/30 12:0 a.m.6 views

PT-2025-44439

Name of the Vulnerable Software and Affected Versions JATOS versions 3.7.1 through 3.9.6 Description A Reflected Cross-Site Scripting XSS issue exists in JATOS. This allows remote attackers to execute arbitrary JavaScript in a user's web browser by including a malicious payload in the code URL...

6.1CVSS6.2AI score0.0022EPSS
Exploits0References6
Rows per page
Query Builder