A stored cross-site scripting (XSS) vulnerability in the Project Dashboard name of REDCap through 15.0.0 allows authenticated users to inject malicious scripts into the name field of a Project Dashboard. When a user clicks on the project Dashboard name, the crafted payload is executed, potentially enabling the execution of arbitrary web scripts.
Metrics
Affected Vendors & Products
References
History
Tue, 24 Dec 2024 03:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | CWE-79 | |
Metrics |
cvssV3_1
|
Sun, 22 Dec 2024 21:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | A stored cross-site scripting (XSS) vulnerability in the Project Dashboard name of REDCap through 15.0.0 allows authenticated users to inject malicious scripts into the name field of a Project Dashboard. When a user clicks on the project Dashboard name, the crafted payload is executed, potentially enabling the execution of arbitrary web scripts. | |
References |
|
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2024-12-22T00:00:00
Updated: 2024-12-24T02:19:51.410Z
Reserved: 2024-12-18T00:00:00
Link: CVE-2024-56312
Vulnrichment
Updated: 2024-12-24T02:19:45.705Z
NVD
Status : Awaiting Analysis
Published: 2024-12-22T22:15:05.630
Modified: 2024-12-24T03:15:07.770
Link: CVE-2024-56312
Redhat
No data.