An issue was discovered in REDCap 14.9.6. A stored cross-site scripting (XSS) vulnerability allows authenticated users to inject malicious scripts into the Survey field name of Survey. When a user receive the survey, if he clicks on the field name, it triggers the XSS payload.
Metrics
Affected Vendors & Products
References
History
Fri, 10 Jan 2025 22:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | An issue was discovered in REDCap 14.9.6. A stored cross-site scripting (XSS) vulnerability allows authenticated users to inject malicious scripts into the Survey field name of Survey. When a user receive the survey, if he clicks on the field name, it triggers the XSS payload. | |
Weaknesses | CWE-79 | |
References |
| |
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2025-01-10T00:00:00
Updated: 2025-01-10T22:07:19.788Z
Reserved: 2025-01-10T00:00:00
Link: CVE-2025-23112
Vulnrichment
No data.
NVD
Status : Received
Published: 2025-01-10T22:15:27.863
Modified: 2025-01-10T22:15:27.863
Link: CVE-2025-23112
Redhat
No data.