An issue was discovered in REDCap 14.9.6. It allows HTML Injection via the Survey field name, exposing users to a redirection to a phishing website. An attacker can exploit this to trick the user that receives the survey into clicking on the field name, which redirects them to a phishing website. Thus, this allows malicious actions to be executed without user consent.
Metrics
Affected Vendors & Products
References
History
Fri, 10 Jan 2025 22:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | An issue was discovered in REDCap 14.9.6. It allows HTML Injection via the Survey field name, exposing users to a redirection to a phishing website. An attacker can exploit this to trick the user that receives the survey into clicking on the field name, which redirects them to a phishing website. Thus, this allows malicious actions to be executed without user consent. | |
Weaknesses | CWE-79 | |
References |
| |
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2025-01-10T00:00:00
Updated: 2025-01-10T22:05:32.425Z
Reserved: 2025-01-10T00:00:00
Link: CVE-2025-23111
Vulnrichment
No data.
NVD
Status : Received
Published: 2025-01-10T22:15:27.723
Modified: 2025-01-10T22:15:27.723
Link: CVE-2025-23111
Redhat
No data.