CVE-2024-56377

Medium CVSS: 5.4

A stored cross-site scripting (XSS) vulnerability in survey titles of REDCap 14.9.6 allows authenticated users to inject malicious scripts into the Survey Title field or Survey Instructions. When a user receives a survey and clicks anywhere on the survey page to enter data, the crafted payload (which has been injected into all survey fields) is executed, potentially enabling the execution of arbitrary web scripts.

Vendor

Vanderbilt

Product

Redcap

CWE

CWE-79

Yayın Tarihi

2025-01-09 23:15:08

Güncelleme

2025-01-16 21:10:25

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-79 Redcap MEDIUM Vanderbilt 2025

Referanslar

https://github.com/ping-oui-no/Vulnerability-Research-CVESS/blob/main/RedCap/CVE-2024-56377/README.md https://www.evms.edu/research/resources_services/redcap/redcap_change_log/

Benzer Kayıtlar

Medium

CVE-2024-55374

REDCap 14.3.13 allows an attacker to enumerate usernames due to an observable discrepancy between login attempts.

Medium

CVE-2024-37394

A stored cross-site scripting (XSS) vulnerability in the Project Dashboards of REDCap 13.1.9 allows authenticated users…

Medium

CVE-2024-37395

A stored cross-site scripting (XSS) vulnerability in the Public Survey function of REDCap 13.1.9 allows authenticated us…

Medium

CVE-2024-37396

A stored cross-site scripting (XSS) vulnerability in the Calendar function of REDCap 13.1.9 allows authenticated users t…

Low

CVE-2025-23113

An issue was discovered in REDCap 14.9.6. It has an action=myprojects&logout=1 CSRF issue in the alert-title while perfo…

Medium

CVE-2025-23110

An issue was discovered in REDCap 14.9.6. A Reflected cross-site scripting (XSS) vulnerability in the email-subject fiel…