CVE-2024-51379

Name of the Vulnerable Software and Affected Versions JATOS version 3.9.3

Description A Stored Cross-Site Scripting (XSS) issue has been found, where an attacker can inject JavaScript into the description field of the study section. This allows malicious scripts to run when an admin views the description, potentially leading to account takeover and unauthorized actions.

Recommendations For JATOS version 3.9.3, consider disabling the description component of the study section until a patch is available to prevent the injection of malicious JavaScript code. Restrict access to this component to minimize the risk of exploitation. Avoid using the description field in the study section until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.