CVE-2024-56377 – REDCap Stored Cross-Site Scripting (XSS) Vulnerability

1月 10, 2025
12:18 am

CVE ID : CVE-2024-56377

Published : Jan. 9, 2025, 11:15 p.m. | 1 hour, 3 minutes ago

Description : A stored cross-site scripting (XSS) vulnerability in survey titles of REDCap 14.9.6 allows authenticated users to inject malicious scripts into the Survey Title field or Survey Instructions. When a user receives a survey and clicks anywhere on the survey page to enter data, the crafted payload (which has been injected into all survey fields) is executed, potentially enabling the execution of arbitrary web scripts.

Severity: 5.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE-2024-56377 – REDCap Stored Cross-Site Scripting (XSS) Vulnerability

Elvescore.io

Recent Posts

CVE-2024-12473 – “AI Scribe SQL Injection Vulnerability in WordPress Plugin”

CVE-2024-12606 – “AI Scribe – WordPress Plugin Data ModificationPrivilege Escalation Vulnerability”

CVE-2024-56376 – REDCap Cross-Site Scripting (XSS)