N/A

Jamovi <=1.6.18 is affected by a cross-site scripting (XSS) vulnerability. The column-name is vulnerable to XSS in the ElectronJS Framework. An attacker can make a .omv (Jamovi) document containing a payload. When opened by victim, the payload is triggered.

N/A

N/A

jamovi 跨站脚本漏洞

jamovi是jamovi开源的一个应用软件。一个免费且开放的统计平台。 Jamovi 1.6.18版本及之前版本存在安全漏洞，攻击者可利用该漏洞可以创建一个包含有效负载的.omv (Jamovi)文档。被受害者打开后，有效载荷就会被触发。

N/A

N/A