An issue was discovered in REDCap 14.9.6. A Reflected cross-site scripting (XSS) vulnerability in the email-subject field exists while performing an upload of a CSV file containing a list of alert configurations. An attacker can send the victim a CSV file containing the XSS payload in the email-subject. Once the victim uploads the file, he automatically lands on a page to view the uploaded data. If the victim clicks on the email-subject value, it triggers the XSS payload.
Metrics
Affected Vendors & Products
References
History
Fri, 10 Jan 2025 22:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | An issue was discovered in REDCap 14.9.6. A Reflected cross-site scripting (XSS) vulnerability in the email-subject field exists while performing an upload of a CSV file containing a list of alert configurations. An attacker can send the victim a CSV file containing the XSS payload in the email-subject. Once the victim uploads the file, he automatically lands on a page to view the uploaded data. If the victim clicks on the email-subject value, it triggers the XSS payload. | |
Weaknesses | CWE-79 | |
References |
| |
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2025-01-10T00:00:00
Updated: 2025-01-10T22:03:30.880Z
Reserved: 2025-01-10T00:00:00
Link: CVE-2025-23110
Vulnrichment
No data.
NVD
Status : Received
Published: 2025-01-10T22:15:27.550
Modified: 2025-01-10T22:15:27.550
Link: CVE-2025-23110
Redhat
No data.