Auto-Update: 2024-12-22T23:00:19.687430+00:00

2025-07-11 16:13:34 +00:00 · 2024-12-22 23:03:44 +00:00 · 2024-12-22 23:03:44 +00:00 · 3fca14bf2f
commit 3fca14bf2f
parent f1aa2c6d37
7 changed files with 140 additions and 6 deletions
--- a/CVE-2024/CVE-2024-563xx/CVE-2024-56310.json
+++ b/CVE-2024/CVE-2024-563xx/CVE-2024-56310.json
@ -0,0 +1,25 @@
+{
+  "id": "CVE-2024-56310",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2024-12-22T21:15:16.433",
+  "lastModified": "2024-12-22T21:15:16.433",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "REDCap through 15.0.0 has a security flaw in the Project Dashboards name, exposing users to a Cross-Site Request Forgery (CSRF) attack. An attacker can exploit this by luring users into clicking on a Project Dashboards name that contains the malicious payload, which triggers a logout request and terminates their session. This vulnerability stems from the absence of CSRF protections on the logout functionality, allowing malicious actions to be executed without user consent."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://github.com/ping-oui-no/Vulnerability-Research-CVESS/tree/main/RedCap",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://www.evms.edu/research/resources_services/redcap/redcap_change_log/",
+      "source": "cve@mitre.org"
+    }
+  ]
+}
--- a/CVE-2024/CVE-2024-563xx/CVE-2024-56311.json
+++ b/CVE-2024/CVE-2024-563xx/CVE-2024-56311.json
@ -0,0 +1,25 @@
+{
+  "id": "CVE-2024-56311",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2024-12-22T21:15:16.600",
+  "lastModified": "2024-12-22T21:15:16.600",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "REDCap through 15.0.0 has a security flaw in the Notes section of calendar events, exposing users to a Cross-Site Request Forgery (CSRF) attack. An attacker can exploit this by luring users into accessing a calendar event's notes, which triggers a logout request and terminates their session. This vulnerability stems from the absence of CSRF protections on the logout functionality, allowing malicious actions to be executed without user consent."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://github.com/ping-oui-no/Vulnerability-Research-CVESS/tree/main/RedCap",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://www.evms.edu/research/resources_services/redcap/redcap_change_log/",
+      "source": "cve@mitre.org"
+    }
+  ]
+}
--- a/CVE-2024/CVE-2024-563xx/CVE-2024-56312.json
+++ b/CVE-2024/CVE-2024-563xx/CVE-2024-56312.json
@ -0,0 +1,25 @@
+{
+  "id": "CVE-2024-56312",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2024-12-22T22:15:05.630",
+  "lastModified": "2024-12-22T22:15:05.630",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "A stored cross-site scripting (XSS) vulnerability in the Project Dashboard name of REDCap through 15.0.0 allows authenticated users to inject malicious scripts into the name field of a Project Dashboard. When a user clicks on the project Dashboard name, the crafted payload is executed, potentially enabling the execution of arbitrary web scripts."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://github.com/ping-oui-no/Vulnerability-Research-CVESS/tree/main/RedCap",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://www.evms.edu/research/resources_services/redcap/redcap_change_log/",
+      "source": "cve@mitre.org"
+    }
+  ]
+}
--- a/CVE-2024/CVE-2024-563xx/CVE-2024-56313.json
+++ b/CVE-2024/CVE-2024-563xx/CVE-2024-56313.json
@ -0,0 +1,25 @@
+{
+  "id": "CVE-2024-56313",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2024-12-22T22:15:06.540",
+  "lastModified": "2024-12-22T22:15:06.540",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "A stored cross-site scripting (XSS) vulnerability in the Calendar feature of REDCap through 15.0.0 allows authenticated users to inject malicious scripts into the Notes field of a calendar event. When the event is viewed, the crafted payload is executed, potentially enabling the execution of arbitrary web scripts."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://github.com/ping-oui-no/Vulnerability-Research-CVESS/tree/main/RedCap",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://www.evms.edu/research/resources_services/redcap/redcap_change_log/",
+      "source": "cve@mitre.org"
+    }
+  ]
+}
--- a/CVE-2024/CVE-2024-563xx/CVE-2024-56314.json
+++ b/CVE-2024/CVE-2024-563xx/CVE-2024-56314.json
@ -0,0 +1,25 @@
+{
+  "id": "CVE-2024-56314",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2024-12-22T22:15:06.670",
+  "lastModified": "2024-12-22T22:15:06.670",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "A stored cross-site scripting (XSS) vulnerability in the Project name of REDCap through 15.0.0 allows authenticated users to inject malicious scripts into the name field of a Project. When a user clicks on the project name to access it, the crafted payload is executed, potentially enabling the execution of arbitrary web scripts."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://github.com/ping-oui-no/Vulnerability-Research-CVESS/tree/main/RedCap",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://www.evms.edu/research/resources_services/redcap/redcap_change_log/",
+      "source": "cve@mitre.org"
+    }
+  ]
+}
--- a/README.md
+++ b/README.md
@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update

 ```plain
-2024-12-22T15:00:19.793363+00:00
+2024-12-22T23:00:19.687430+00:00
 ```

 ### Most recent CVE Modification Timestamp synchronized with NVD

 ```plain
-2024-12-22T14:15:04.923000+00:00
+2024-12-22T22:15:06.670000+00:00
 ```

 ### Last Data Feed Release
@ -33,14 +33,18 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs

 ```plain
-274548
+274553
 ```

 ### CVEs added in the last Commit

-Recently added CVEs: `1`
+Recently added CVEs: `5`

- [CVE-2024-12895](CVE-2024/CVE-2024-128xx/CVE-2024-12895.json) (`2024-12-22T14:15:04.923`)
+- [CVE-2024-56310](CVE-2024/CVE-2024-563xx/CVE-2024-56310.json) (`2024-12-22T21:15:16.433`)
+- [CVE-2024-56311](CVE-2024/CVE-2024-563xx/CVE-2024-56311.json) (`2024-12-22T21:15:16.600`)
+- [CVE-2024-56312](CVE-2024/CVE-2024-563xx/CVE-2024-56312.json) (`2024-12-22T22:15:05.630`)
+- [CVE-2024-56313](CVE-2024/CVE-2024-563xx/CVE-2024-56313.json) (`2024-12-22T22:15:06.540`)
+- [CVE-2024-56314](CVE-2024/CVE-2024-563xx/CVE-2024-56314.json) (`2024-12-22T22:15:06.670`)


 ### CVEs modified in the last Commit
--- a/_state.csv
+++ b/_state.csv
@ -245067,7 +245067,7 @@ CVE-2024-12891,0,0,7ebac0a9d3d20767a83eb870ae0e9b46ff87f28b68582274874201c5dc876
 CVE-2024-12892,0,0,78fb726b8df2a16fb6eb0917a0a0e88fecc9c6f1f88ab8ca30a5dd210b4e649f,2024-12-22T08:15:04.870000
 CVE-2024-12893,0,0,0cecbca340b22ce3e457e2f182e11f58f94f145b2638c6f827bb0ed4008214df,2024-12-22T08:15:06.083000
 CVE-2024-12894,0,0,38ca8339bb6400ff08caeebde70032264a7662949504841ad5ff150add3fcd6e,2024-12-22T12:15:16.203000
-CVE-2024-12895,1,1,2693178457c1a41a6444992ddd10869064ffff2889e27b11cf327858c567765e,2024-12-22T14:15:04.923000
+CVE-2024-12895,0,0,2693178457c1a41a6444992ddd10869064ffff2889e27b11cf327858c567765e,2024-12-22T14:15:04.923000
 CVE-2024-1290,0,0,7c95f47c5c3e77faa57d4558ce65f60c9fa0ea7551f118126af89c59b8448f97,2024-11-21T08:50:14.680000
 CVE-2024-1291,0,0,52c4840726a3cf584db63abe3d1006ff575604ba403c25fca89470816948ce5e,2024-11-21T08:50:14.863000
 CVE-2024-1292,0,0,38d9bc6a557167174bf37c6662c68d5de6a783380fb5a30941c923054e3f2f16,2024-11-21T08:50:14.983000
@ -270825,6 +270825,11 @@ CVE-2024-5628,0,0,755412ba03c7f502c54c635c9705b96a4154da09bb9bfca64f93d1d41d08cf
 CVE-2024-5629,0,0,f9daa1fe2950a7ccef0838fb6e6cae4a7319a3ab1da6174da12e5faf2c955f5a,2024-11-21T09:48:02.860000
 CVE-2024-5630,0,0,50874e31f2d6c9403bb3dbaf933b8b3f439196ea7c18b531eba9bc061324fe0f,2024-11-21T09:48:03.020000
 CVE-2024-5631,0,0,2a74e658158bae900a85436e92fd017c375ea2371e9ccb7b5a67e7bbd481f6b3,2024-11-21T09:48:03.210000
+CVE-2024-56310,1,1,fd778eb590d1fbb32130fffba54ed545129192edf10e26cf3a21b5e6459b501d,2024-12-22T21:15:16.433000
+CVE-2024-56311,1,1,e2eae5ad5d224b6d2217bcfe83f7bd65df83e28c0bec948bad3706d862749a90,2024-12-22T21:15:16.600000
+CVE-2024-56312,1,1,b3ff8a8f9068c3a156742e12a6bc627bc59e105684871a4faad004e80a37c8af,2024-12-22T22:15:05.630000
+CVE-2024-56313,1,1,bab8100491ae46d1acfcde4c0f557fb02ee2d8f1cf2ffae579d4a3928d2f1703,2024-12-22T22:15:06.540000
+CVE-2024-56314,1,1,5c94b3924b2872303b1ac6d2c357e874b9bf8bb914ff58119e06c5cd125443ca,2024-12-22T22:15:06.670000
 CVE-2024-56317,0,0,b4a1e923d734c9748bfefb232cd94998c16ae77377149acd2e40ce01c1c90af8,2024-12-18T23:15:18.023000
 CVE-2024-56318,0,0,41fe9d7571c5ddeaf622da00eaaa1951e3cb55078c3acd81346bfd3e36464d15,2024-12-19T00:15:06.897000
 CVE-2024-56319,0,0,2db5aea7f2e2c0716ff3ae059d9992998ac87c8ff6e8b34fca05f1a112cb61c5,2024-12-18T23:15:18.373000