CVE-2024-56376

Medium CVSS: 5.4

A stored cross-site scripting (XSS) vulnerability in the built-in messenger of REDCap 14.9.6 allows authenticated users to inject malicious scripts into the message field. When a user click on the received message, the crafted payload is executed, potentially enabling the execution of arbitrary web scripts.

Vendor

Vanderbilt

Product

Redcap

CWE

CWE-79

Yayın Tarihi

2025-01-09 23:15:07

Güncelleme

2025-01-16 21:10:10

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-79 Redcap MEDIUM Vanderbilt 2025

Referanslar

https://github.com/ping-oui-no/Vulnerability-Research-CVESS/blob/main/RedCap/CVE-2024-56376/README.md https://www.evms.edu/research/resources_services/redcap/redcap_change_log/

Benzer Kayıtlar

Medium

CVE-2024-55374

REDCap 14.3.13 allows an attacker to enumerate usernames due to an observable discrepancy between login attempts.

Medium

CVE-2024-37394

A stored cross-site scripting (XSS) vulnerability in the Project Dashboards of REDCap 13.1.9 allows authenticated users…

Medium

CVE-2024-37395

A stored cross-site scripting (XSS) vulnerability in the Public Survey function of REDCap 13.1.9 allows authenticated us…

Medium

CVE-2024-37396

A stored cross-site scripting (XSS) vulnerability in the Calendar function of REDCap 13.1.9 allows authenticated users t…

Low

CVE-2025-23113

An issue was discovered in REDCap 14.9.6. It has an action=myprojects&logout=1 CSRF issue in the alert-title while perfo…

Medium

CVE-2025-23110

An issue was discovered in REDCap 14.9.6. A Reflected cross-site scripting (XSS) vulnerability in the email-subject fiel…