CNNVD-202510-4197 Information

CNNVD ID

CNNVD-202510-4197

CVE-2025-56313

  • CNNVD Published: 2025-10-30

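Description (translated from Chinese)

JATOS is an open-source online learning tool from JATOS. JATOS versions 3.7.1 through 3.9.6 contain a security vulnerability that stems from the code parameter of the /publix/run endpoint not being properly filtered, which may lead to a reflected cross-site scripting attack.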

Description (English)

JATOS is an open-source online learning tool from JATOS. JATOS versions 3.7.1 to 3.9.6 contain a security vulnerability that stems from improper filtering of the code parameter at the /publix/run endpoint, which may lead to a reflected cross-site scripting attack.

Hazard Level

High

Vulnerability Type

Other

Affected Vendor

JATOS

Published

2025-10-30

Last Modified

2026-02-24

References

  • https://github.com/JATOS/JATOS
  • https://medium.com/@ruizramisdaniel/cve-2025-56313-jatos-v3-9-6-reflected-xss-in-study-links-af1305ae09d0
  • https://access.redhat.com/security/cve/cve-2025-56313

Patch

https://github.com/JATOS/JATOS/releases
