diff --git a/CVE-2024/CVE-2024-563xx/CVE-2024-56310.json b/CVE-2024/CVE-2024-563xx/CVE-2024-56310.json
new file mode 100644
index 00000000000..658de48540e
--- /dev/null
+++ b/CVE-2024/CVE-2024-563xx/CVE-2024-56310.json
@@ -0,0 +1,25 @@
+{
+ "id": "CVE-2024-56310",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2024-12-22T21:15:16.433",
+ "lastModified": "2024-12-22T21:15:16.433",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "REDCap through 15.0.0 has a security flaw in the Project Dashboards name, exposing users to a Cross-Site Request Forgery (CSRF) attack. An attacker can exploit this by luring users into clicking on a Project Dashboards name that contains the malicious payload, which triggers a logout request and terminates their session. This vulnerability stems from the absence of CSRF protections on the logout functionality, allowing malicious actions to be executed without user consent."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/ping-oui-no/Vulnerability-Research-CVESS/tree/main/RedCap",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://www.evms.edu/research/resources_services/redcap/redcap_change_log/",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-563xx/CVE-2024-56311.json b/CVE-2024/CVE-2024-563xx/CVE-2024-56311.json
new file mode 100644
index 00000000000..12c59b37e9c
--- /dev/null
+++ b/CVE-2024/CVE-2024-563xx/CVE-2024-56311.json
@@ -0,0 +1,25 @@
+{
+ "id": "CVE-2024-56311",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2024-12-22T21:15:16.600",
+ "lastModified": "2024-12-22T21:15:16.600",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "REDCap through 15.0.0 has a security flaw in the Notes section of calendar events, exposing users to a Cross-Site Request Forgery (CSRF) attack. An attacker can exploit this by luring users into accessing a calendar event's notes, which triggers a logout request and terminates their session. This vulnerability stems from the absence of CSRF protections on the logout functionality, allowing malicious actions to be executed without user consent."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/ping-oui-no/Vulnerability-Research-CVESS/tree/main/RedCap",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://www.evms.edu/research/resources_services/redcap/redcap_change_log/",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-563xx/CVE-2024-56312.json b/CVE-2024/CVE-2024-563xx/CVE-2024-56312.json
new file mode 100644
index 00000000000..33e43bf0059
--- /dev/null
+++ b/CVE-2024/CVE-2024-563xx/CVE-2024-56312.json
@@ -0,0 +1,25 @@
+{
+ "id": "CVE-2024-56312",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2024-12-22T22:15:05.630",
+ "lastModified": "2024-12-22T22:15:05.630",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A stored cross-site scripting (XSS) vulnerability in the Project Dashboard name of REDCap through 15.0.0 allows authenticated users to inject malicious scripts into the name field of a Project Dashboard. When a user clicks on the project Dashboard name, the crafted payload is executed, potentially enabling the execution of arbitrary web scripts."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/ping-oui-no/Vulnerability-Research-CVESS/tree/main/RedCap",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://www.evms.edu/research/resources_services/redcap/redcap_change_log/",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-563xx/CVE-2024-56313.json b/CVE-2024/CVE-2024-563xx/CVE-2024-56313.json
new file mode 100644
index 00000000000..fbc1886ca02
--- /dev/null
+++ b/CVE-2024/CVE-2024-563xx/CVE-2024-56313.json
@@ -0,0 +1,25 @@
+{
+ "id": "CVE-2024-56313",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2024-12-22T22:15:06.540",
+ "lastModified": "2024-12-22T22:15:06.540",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A stored cross-site scripting (XSS) vulnerability in the Calendar feature of REDCap through 15.0.0 allows authenticated users to inject malicious scripts into the Notes field of a calendar event. When the event is viewed, the crafted payload is executed, potentially enabling the execution of arbitrary web scripts."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/ping-oui-no/Vulnerability-Research-CVESS/tree/main/RedCap",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://www.evms.edu/research/resources_services/redcap/redcap_change_log/",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-563xx/CVE-2024-56314.json b/CVE-2024/CVE-2024-563xx/CVE-2024-56314.json
new file mode 100644
index 00000000000..ae581a0f743
--- /dev/null
+++ b/CVE-2024/CVE-2024-563xx/CVE-2024-56314.json
@@ -0,0 +1,25 @@
+{
+ "id": "CVE-2024-56314",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2024-12-22T22:15:06.670",
+ "lastModified": "2024-12-22T22:15:06.670",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A stored cross-site scripting (XSS) vulnerability in the Project name of REDCap through 15.0.0 allows authenticated users to inject malicious scripts into the name field of a Project. When a user clicks on the project name to access it, the crafted payload is executed, potentially enabling the execution of arbitrary web scripts."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/ping-oui-no/Vulnerability-Research-CVESS/tree/main/RedCap",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://www.evms.edu/research/resources_services/redcap/redcap_change_log/",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/README.md b/README.md
index 8df2023b8bf..90057ff8f44 100644
--- a/README.md
+++ b/README.md
@@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-12-22T15:00:19.793363+00:00 +2024-12-22T23:00:19.687430+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-12-22T14:15:04.923000+00:00 +2024-12-22T22:15:06.670000+00:00 ``` ### Last Data Feed Release
@@ -33,14 +33,18 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -274548 +274553 ``` ### CVEs added in the last Commit -Recently added CVEs: `1` +Recently added CVEs: `5` -- [CVE-2024-12895](CVE-2024/CVE-2024-128xx/CVE-2024-12895.json) (`2024-12-22T14:15:04.923`) +- [CVE-2024-56310](CVE-2024/CVE-2024-563xx/CVE-2024-56310.json) (`2024-12-22T21:15:16.433`) +- [CVE-2024-56311](CVE-2024/CVE-2024-563xx/CVE-2024-56311.json) (`2024-12-22T21:15:16.600`) +- [CVE-2024-56312](CVE-2024/CVE-2024-563xx/CVE-2024-56312.json) (`2024-12-22T22:15:05.630`) +- [CVE-2024-56313](CVE-2024/CVE-2024-563xx/CVE-2024-56313.json) (`2024-12-22T22:15:06.540`) +- [CVE-2024-56314](CVE-2024/CVE-2024-563xx/CVE-2024-56314.json) (`2024-12-22T22:15:06.670`) ### CVEs modified in the last Commit
diff --git a/_state.csv b/_state.csv
index 3b21f8dd8de..2d581b0b38f 100644
--- a/_state.csv
+++ b/_state.csv
@@ -245067,7 +245067,7 @@ CVE-2024-12891,0,0,7ebac0a9d3d20767a83eb870ae0e9b46ff87f28b68582274874201c5dc876
 CVE-2024-12892,0,0,78fb726b8df2a16fb6eb0917a0a0e88fecc9c6f1f88ab8ca30a5dd210b4e649f,2024-12-22T08:15:04.870000
 CVE-2024-12893,0,0,0cecbca340b22ce3e457e2f182e11f58f94f145b2638c6f827bb0ed4008214df,2024-12-22T08:15:06.083000
 CVE-2024-12894,0,0,38ca8339bb6400ff08caeebde70032264a7662949504841ad5ff150add3fcd6e,2024-12-22T12:15:16.203000
-CVE-2024-12895,1,1,2693178457c1a41a6444992ddd10869064ffff2889e27b11cf327858c567765e,2024-12-22T14:15:04.923000
+CVE-2024-12895,0,0,2693178457c1a41a6444992ddd10869064ffff2889e27b11cf327858c567765e,2024-12-22T14:15:04.923000
 CVE-2024-1290,0,0,7c95f47c5c3e77faa57d4558ce65f60c9fa0ea7551f118126af89c59b8448f97,2024-11-21T08:50:14.680000
 CVE-2024-1291,0,0,52c4840726a3cf584db63abe3d1006ff575604ba403c25fca89470816948ce5e,2024-11-21T08:50:14.863000
 CVE-2024-1292,0,0,38d9bc6a557167174bf37c6662c68d5de6a783380fb5a30941c923054e3f2f16,2024-11-21T08:50:14.983000
@@ -270825,6 +270825,11 @@ CVE-2024-5628,0,0,755412ba03c7f502c54c635c9705b96a4154da09bb9bfca64f93d1d41d08cf
 CVE-2024-5629,0,0,f9daa1fe2950a7ccef0838fb6e6cae4a7319a3ab1da6174da12e5faf2c955f5a,2024-11-21T09:48:02.860000
 CVE-2024-5630,0,0,50874e31f2d6c9403bb3dbaf933b8b3f439196ea7c18b531eba9bc061324fe0f,2024-11-21T09:48:03.020000
 CVE-2024-5631,0,0,2a74e658158bae900a85436e92fd017c375ea2371e9ccb7b5a67e7bbd481f6b3,2024-11-21T09:48:03.210000
+CVE-2024-56310,1,1,fd778eb590d1fbb32130fffba54ed545129192edf10e26cf3a21b5e6459b501d,2024-12-22T21:15:16.433000
+CVE-2024-56311,1,1,e2eae5ad5d224b6d2217bcfe83f7bd65df83e28c0bec948bad3706d862749a90,2024-12-22T21:15:16.600000
+CVE-2024-56312,1,1,b3ff8a8f9068c3a156742e12a6bc627bc59e105684871a4faad004e80a37c8af,2024-12-22T22:15:05.630000
+CVE-2024-56313,1,1,bab8100491ae46d1acfcde4c0f557fb02ee2d8f1cf2ffae579d4a3928d2f1703,2024-12-22T22:15:06.540000
+CVE-2024-56314,1,1,5c94b3924b2872303b1ac6d2c357e874b9bf8bb914ff58119e06c5cd125443ca,2024-12-22T22:15:06.670000
 CVE-2024-56317,0,0,b4a1e923d734c9748bfefb232cd94998c16ae77377149acd2e40ce01c1c90af8,2024-12-18T23:15:18.023000
 CVE-2024-56318,0,0,41fe9d7571c5ddeaf622da00eaaa1951e3cb55078c3acd81346bfd3e36464d15,2024-12-19T00:15:06.897000
 CVE-2024-56319,0,0,2db5aea7f2e2c0716ff3ae059d9992998ac87c8ff6e8b34fca05f1a112cb61c5,2024-12-18T23:15:18.373000