A stored cross-site scripting (XSS) vulnerability in the Calendar feature of REDCap through 15.0.0 allows authenticated users to inject malicious scripts into the Notes field of a calendar event. When the event is viewed, the crafted payload is executed, potentially enabling the execution of arbitrary web scripts.
Metrics
Affected Vendors & Products
References
History
Sun, 22 Dec 2024 21:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | A stored cross-site scripting (XSS) vulnerability in the Calendar feature of REDCap through 15.0.0 allows authenticated users to inject malicious scripts into the Notes field of a calendar event. When the event is viewed, the crafted payload is executed, potentially enabling the execution of arbitrary web scripts. | |
References |
|
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2024-12-22T00:00:00
Updated: 2024-12-22T21:09:10.812684
Reserved: 2024-12-18T00:00:00
Link: CVE-2024-56313
Vulnrichment
No data.
NVD
Status : Received
Published: 2024-12-22T22:15:06.540
Modified: 2024-12-22T22:15:06.540
Link: CVE-2024-56313
Redhat
No data.