CVE-2025-23110

Medium CVSS: 6.1

An issue was discovered in REDCap 14.9.6. A Reflected cross-site scripting (XSS) vulnerability in the email-subject field exists while performing an upload of a CSV file containing a list of alert configurations. An attacker can send the victim a CSV file containing the XSS payload in the email-subject. Once the victim uploads the file, he automatically lands on a page to view the uploaded data. If the victim clicks on the email-subject value, it triggers the XSS payload.

Vendor

Vanderbilt

Product

Redcap

CWE

CWE-79

Yayın Tarihi

2025-01-10 22:15:27

Güncelleme

2025-02-25 16:46:57

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-79 Redcap MEDIUM Vanderbilt 2025

Referanslar

https://github.com/ping-oui-no/Vulnerability-Research-CVESS/blob/main/RedCap/CVE_VVVVVV/README.md

Benzer Kayıtlar

Medium

CVE-2024-55374

REDCap 14.3.13 allows an attacker to enumerate usernames due to an observable discrepancy between login attempts.

Medium

CVE-2024-37394

A stored cross-site scripting (XSS) vulnerability in the Project Dashboards of REDCap 13.1.9 allows authenticated users…

Medium

CVE-2024-37395

A stored cross-site scripting (XSS) vulnerability in the Public Survey function of REDCap 13.1.9 allows authenticated us…

Medium

CVE-2024-37396

A stored cross-site scripting (XSS) vulnerability in the Calendar function of REDCap 13.1.9 allows authenticated users t…

Low

CVE-2025-23113

An issue was discovered in REDCap 14.9.6. It has an action=myprojects&logout=1 CSRF issue in the alert-title while perfo…

Medium

CVE-2025-23111

An issue was discovered in REDCap 14.9.6. It allows HTML Injection via the Survey field name, exposing users to a redire…