A stored cross-site scripting (XSS) vulnerability in the Project name of REDCap through 15.0.0 allows authenticated users to inject malicious scripts into the name field of a Project. When a user clicks on the project name to access it, the crafted payload is executed, potentially enabling the execution of arbitrary web scripts.
Metrics
Affected Vendors & Products
References
History
Tue, 24 Dec 2024 03:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | CWE-79 | |
Metrics |
cvssV3_1
|
Sun, 22 Dec 2024 21:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | A stored cross-site scripting (XSS) vulnerability in the Project name of REDCap through 15.0.0 allows authenticated users to inject malicious scripts into the name field of a Project. When a user clicks on the project name to access it, the crafted payload is executed, potentially enabling the execution of arbitrary web scripts. | |
References |
|
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2024-12-22T00:00:00
Updated: 2024-12-24T02:16:16.827Z
Reserved: 2024-12-18T00:00:00
Link: CVE-2024-56314
Vulnrichment
Updated: 2024-12-24T02:16:10.976Z
NVD
Status : Awaiting Analysis
Published: 2024-12-22T22:15:06.670
Modified: 2024-12-24T03:15:08.083
Link: CVE-2024-56314
Redhat
No data.