CVE-2024-56376 Information

Description

A stored cross-site scripting (XSS) vulnerability in the built-in messenger of REDCap 14.9.6 allows authenticated users to inject malicious scripts into the message field. When a user click on the received message the crafted payload is executed potentially enabling the execution of arbitrary web scripts.

Reference

https://github.com/ping-oui-no/Vulnerability-Research-CVESS/blob/main/RedCap/CVE-2024-56376/README.md https://www.evms.edu/research/resources_services/redcap/redcap_change_log/