CVE-2024-56376
- Reference to the description:
- Description:
- A stored cross-site scripting (XSS) vulnerability in the built-in messenger of REDCap 14.9.6 allows authenticated users to inject malicious scripts into the message field. When a user click on the received message, the crafted payload is executed, potentially enabling the execution of arbitrary web scripts.
- Last updated date:
- 01/16/2025
- Type:
- exploit
- Confidence:
- HIGH
- Date of publishing:
- 01/16/2025
- Reference url to background