CVE-2025-23112

Medium CVSS: 6.1

An issue was discovered in REDCap 14.9.6. A stored cross-site scripting (XSS) vulnerability allows authenticated users to inject malicious scripts into the Survey field name of Survey. When a user receive the survey, if he clicks on the field name, it triggers the XSS payload.

Vendor

Vanderbilt

Product

Redcap

CWE

CWE-79

Yayın Tarihi

2025-01-10 22:15:27

Güncelleme

2025-02-25 16:14:20

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-79 Redcap MEDIUM Vanderbilt 2025

Referanslar

https://github.com/ping-oui-no/Vulnerability-Research-CVESS/blob/main/RedCap/CVE_ZZZZ/README.md

Benzer Kayıtlar

Medium

CVE-2024-55374

REDCap 14.3.13 allows an attacker to enumerate usernames due to an observable discrepancy between login attempts.

Medium

CVE-2024-37394

A stored cross-site scripting (XSS) vulnerability in the Project Dashboards of REDCap 13.1.9 allows authenticated users…

Medium

CVE-2024-37395

A stored cross-site scripting (XSS) vulnerability in the Public Survey function of REDCap 13.1.9 allows authenticated us…

Medium

CVE-2024-37396

A stored cross-site scripting (XSS) vulnerability in the Calendar function of REDCap 13.1.9 allows authenticated users t…

Low

CVE-2025-23113

An issue was discovered in REDCap 14.9.6. It has an action=myprojects&logout=1 CSRF issue in the alert-title while perfo…

Medium

CVE-2025-23110

An issue was discovered in REDCap 14.9.6. A Reflected cross-site scripting (XSS) vulnerability in the email-subject fiel…