Stored Cross-Site Scripting Vulnerability in REDCap by Vanderbilt University
CVE-2024-56377

5.4 MEDIUM

Key Information:

Status
Vendor
CVE Published: 9 January 2025

What is CVE-2024-56377?

REDCap 14.9.6 contains a stored cross-site scripting (XSS) vulnerability that authenticated users can exploit. An attacker can inject malicious scripts into the Survey Title or Survey Instructions fields. When legitimate users engage with the survey, the stored payload executes, potentially allowing the attacker to run arbitrary web scripts within the context of the user’s session and compromising the integrity and confidentiality of user data.


CVSS V3.1

Score: 5.4
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published
