CVE-2013-4609

REDCap before 5.0.4 and 5.1.x before 5.1.3 does not reject certain undocumented syntax within branching logic and calculations, which allows remote authenticated users to bypass intended access restrictions via 1 the Online Designer or 2 the Data Dictionary upload, as demonstrated by an eval call...

CVE-2013-4611

Multiple unspecified vulnerabilities in REDCap before 5.1.1 allow remote attackers to have an unknown impact via vectors involving 1 the Online Designer page or 2 the Manage Survey Participants page...

CVE-2012-6565

Cross-site scripting XSS vulnerability in REDCap before 4.14.3 allows remote authenticated users to inject arbitrary web script or HTML via uppercase characters in JavaScript events within user-defined labels...

CVE-2019-13029

Multiple stored Cross-site scripting XSS issues in the admin panel and survey system in REDCap 8 before 8.10.20 and 9 before 9.1.2 allow an attacker to inject arbitrary malicious HTML or JavaScript code into a user's web browser...

CVE-2025-23113

An issue was discovered in REDCap 14.9.6. It has an action=myprojects&logout=1 CSRF issue in the alert-title while performing an upload of a CSV file containing a list of alert configuration. An attacker can send the victim a CSV file containing an HTML injection payload in the alert-title. Once...

CVE-2025-23113

An issue was discovered in REDCap 14.9.6. It has an action=myprojects&logout=1 CSRF issue in the alert-title while performing an upload of a CSV file containing a list of alert configuration. An attacker can send the victim a CSV file containing an HTML injection payload in the alert-title. Once...

CVE-2025-23110

An issue was discovered in REDCap 14.9.6. A Reflected cross-site scripting XSS vulnerability in the email-subject field exists while performing an upload of a CSV file containing a list of alert configurations. An attacker can send the victim a CSV file containing the XSS payload in the...

CVE-2025-23111

An issue was discovered in REDCap 14.9.6. It allows HTML Injection via the Survey field name, exposing users to a redirection to a phishing website. An attacker can exploit this to trick the user that receives the survey into clicking on the field name, which redirects them to a phishing website...

CVE-2025-23112

An issue was discovered in REDCap 14.9.6. A stored cross-site scripting XSS vulnerability allows authenticated users to inject malicious scripts into the Survey field name of Survey. When a user receive the survey, if he clicks on the field name, it triggers the XSS payload...

CVE-2025-23110

An issue was discovered in REDCap 14.9.6. A Reflected cross-site scripting XSS vulnerability in the email-subject field exists while performing an upload of a CSV file containing a list of alert configurations. An attacker can send the victim a CSV file containing the XSS payload in the...

CVE-2025-23111

An issue was discovered in REDCap 14.9.6. It allows HTML Injection via the Survey field name, exposing users to a redirection to a phishing website. An attacker can exploit this to trick the user that receives the survey into clicking on the field name, which redirects them to a phishing website...

CVE-2025-23112

An issue was discovered in REDCap 14.9.6. A stored cross-site scripting XSS vulnerability allows authenticated users to inject malicious scripts into the Survey field name of Survey. When a user receive the survey, if he clicks on the field name, it triggers the XSS payload...

CVE-2025-23113

An issue was discovered in REDCap 14.9.6. It has an action=myprojects&logout=1 CSRF issue in the alert-title while performing an upload of a CSV file containing a list of alert configuration. An attacker can send the victim a CSV file containing an HTML injection payload in the alert-title. Once...

CVE-2025-23112

An issue was discovered in REDCap 14.9.6. A stored cross-site scripting XSS vulnerability allows authenticated users to inject malicious scripts into the Survey field name of Survey. When a user receive the survey, if he clicks on the field name, it triggers the XSS payload...

CVE-2025-23111

An issue was discovered in REDCap 14.9.6. It allows HTML Injection via the Survey field name, exposing users to a redirection to a phishing website. An attacker can exploit this to trick the user that receives the survey into clicking on the field name, which redirects them to a phishing website...

REDCap 安全漏洞

REDCap is a data collection and management web application from REDCap Open Source. A security vulnerability exists in REDCap version 14.9.6, which originated from allowing hypertext markup language injection by investigating field names, which could allow malicious actions to be performed withou...

CVE-2025-23113

An issue was discovered in REDCap 14.9.6. It has an action=myprojects&logout=1 CSRF issue in the alert-title while performing an upload of a CSV file containing a list of alert configuration. An attacker can send the victim a CSV file containing an HTML injection payload in the alert-title. Once...

CVE-2025-23111

CVE-2025-23111 affects REDCap 14.9.6. The vulnerability arises from HTML injection via the Survey field name, enabling a phishing redirect when a survey recipient clicks the manipulated field name. The exposed risk is user-confusion leading to actions without consent, with the impact described as...

CVE-2025-23110

An issue was discovered in REDCap 14.9.6. A Reflected cross-site scripting XSS vulnerability in the email-subject field exists while performing an upload of a CSV file containing a list of alert configurations. An attacker can send the victim a CSV file containing the XSS payload in the...

REDCap 安全漏洞

REDCap is a data collection and management web application from REDCap open source. A security vulnerability exists in REDCap version 14.9.6, which stems from the presence of a Reflective Cross-Site Scripting XSS vulnerability that allows an attacker to send a CSV file to the victim to view...