CVE-2024-56376 MEDIUM

CVE-2024-56376

Vendor Vanderbilt
Product REDCap
Weakness CWE-79 · XSS
Published January 9, 2025
Last update January 10, 2025

CVSS base score

5.4/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction Required
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

What the vulnerability does

01Description

A stored cross-site scripting (XSS) vulnerability in the built-in messenger of REDCap 14.9.6 allows authenticated users to inject malicious scripts into the message field. When a user click on the received message, the crafted payload is executed, potentially enabling the execution of arbitrary web scripts.

Key dates

02Disclosure timeline

January 9, 2025 CVE published
January 10, 2025 Record updated