A stored cross-site scripting (XSS) vulnerability in the Calendar feature of REDCap through 15.0.0 allows authenticated users to inject malicious scripts into the Notes field of a calendar event. When the event is viewed, the crafted payload is executed, potentially enabling the execution of arbitrary web scripts.
Metrics
Affected Vendors & Products
References
History
Tue, 24 Dec 2024 03:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | CWE-79 | |
Metrics |
cvssV3_1
|
Sun, 22 Dec 2024 21:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | A stored cross-site scripting (XSS) vulnerability in the Calendar feature of REDCap through 15.0.0 allows authenticated users to inject malicious scripts into the Notes field of a calendar event. When the event is viewed, the crafted payload is executed, potentially enabling the execution of arbitrary web scripts. | |
References |
|
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2024-12-22T00:00:00
Updated: 2024-12-24T02:18:16.428Z
Reserved: 2024-12-18T00:00:00
Link: CVE-2024-56313
Vulnrichment
Updated: 2024-12-24T02:18:09.314Z
NVD
Status : Awaiting Analysis
Published: 2024-12-22T22:15:06.540
Modified: 2024-12-24T03:15:07.927
Link: CVE-2024-56313
Redhat
No data.