PT-2024-36783 · Redcap · Redcap
Published
2024-12-22
·
Updated
2025-04-22
·
CVE-2024-56312
CVSS v3.1
5.4
Medium
| Vector | AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
REDCap versions prior to 15.0.0
Description
A stored cross-site scripting (XSS) vulnerability in REDCap allows an authenticated user to inject script into the name field of a Project Dashboard. The name is stored and later rendered without adequate output encoding, so when a user clicks the Project Dashboard name, the crafted payload executes in that user's browser and session, allowing arbitrary web script to run with the victim's privileges in the application. The CVSS vector reflects this: low privileges are enough to plant the payload (PR:L), a victim interaction is needed to trigger it (UI:R), and the impact lands in the victim's browser rather than in the vulnerable component itself (S:C).
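The rendering mistake behind this class of bug, shown as an added example rather than REDCap's own code: a dashboard name that is interpolated verbatim into the link markup becomes an XSS sink, while escaping it for the HTML context it lands in neutralises the same payload. The dashboard records, the `?dash=` link shape and the function names are all constructed for illustration and are not taken from REDCap; the payload is a generic one, not the advisory's proof of concept.

```javascript
// Constructed sample data: one benign dashboard and one whose name carries
// a generic stored-XSS payload (illustrative, not from the advisory).
const constructedDashboards = [
  { id: 1, name: "Enrollment overview" },
  { id: 2, name: '<img src=x onerror="alert(document.cookie)">' },
];

// Escape the characters that can change meaning in HTML text and
// double- or single-quoted attribute values.
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

// Vulnerable rendering (hypothetical): the stored name is dropped straight
// into the markup, so attacker-controlled tags become part of the DOM.
function renderDashboardLinkUnsafe(dashboard) {
  return `<a href="?dash=${dashboard.id}">${dashboard.name}</a>`;
}

// Hardened rendering (hypothetical): the id is validated as an integer and
// the name is HTML-escaped before interpolation.
function renderDashboardLinkSafe(dashboard) {
  const id = Number.parseInt(dashboard.id, 10);
  if (!Number.isInteger(id)) {
    throw new TypeError("dashboard id must be an integer");
  }
  return `<a href="?dash=${id}">${escapeHtml(dashboard.name)}</a>`;
}

// Regression check for a test suite: does the rendered HTML contain any tag
// other than the single <a> element the renderer is supposed to emit?
function containsInjectedMarkup(html) {
  const tags = html.match(/<[^>]+>/g) || [];
  return tags.some((tag) => !/^<\/?a(\s|>)/i.test(tag));
}

// Stand-alone demonstration.
for (const dashboard of constructedDashboards) {
  console.log("unsafe:", renderDashboardLinkUnsafe(dashboard));
  console.log("safe:  ", renderDashboardLinkSafe(dashboard));
}
```

The unsafe renderer emits the `<img>` tag intact, so any user who views or clicks the dashboard name runs the `onerror` handler; the safe renderer emits the same characters as inert text. The `containsInjectedMarkup` check is the kind of assertion worth keeping in a test suite around any renderer that handles user-supplied names.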
Recommendations
For versions prior to 15.0.0, update to REDCap 15.0.0 or later, which resolves the issue. Until the update is applied, limit the ability to create or edit Project Dashboards to trusted users so that untrusted input cannot reach the name field, and avoid using the Project Dashboard name field for content supplied by others. Restricting access only reduces exposure; it does not add the missing output encoding, so updating remains the actual fix.
Exploit
Fix
XSS
Affected Products
Redcap