CVE-2024-37395 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

A stored cross-site scripting (XSS) vulnerability in the Public Survey function of REDCap 13.1.9 allows authenticated users to execute arbitrary web script or H…
Medium CVSS: 5.4

CVE-2024-37395

A stored cross-site scripting (XSS) vulnerability in the Public Survey function of REDCap 13.1.9 allows authenticated users to execute arbitrary web script or HTML by injecting a crafted payload into the 'Survey Title' and 'Survey Instructions' fields. This vulnerability could be exploited by attackers to execute malicious scripts when the survey is accessed through its public link. It is advised to update to version 14.2.1 or later to fix this issue.
Vendor
Vanderbilt
Product
Redcap
CWE
CWE-79
Yayın Tarihi
2025-06-10 18:15:29
Güncelleme
2025-06-16 15:15:48
Source Identifier
cve@mitre.org
KEV Date Added
-

Kategoriler

CWE-79 Redcap MEDIUM Vanderbilt 2025

Referanslar

https://www.evms.edu/research/resources_services/redcap/redcap_change_log/ https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/multiple-cross-site-scripting-xss-vulnerabilities-in-redcap-cve-2024-37394-cve-2024-37395-and-cve-2024-37396/ https://www.trustwave.com/hubfs/Web/Library/Advisories_txt/TWSL2024-003_XSS_REDCap_1.txt https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/multiple-cross-site-scripting-xss-vulnerabilities-in-redcap-cve-2024-37394-cve-2024-37395-and-cve-2024-37396/