Lucene search
K

326 matches found

Vulnrichment
Vulnrichment
added 2025/01/10 12:0 a.m.11 views

CVE-2025-23110

An issue was discovered in REDCap 14.9.6. A Reflected cross-site scripting XSS vulnerability in the email-subject field exists while performing an upload of a CSV file containing a list of alert configurations. An attacker can send the victim a CSV file containing the XSS payload in the...

6.1CVSS5.8AI score0.00273EPSS
Exploits0References1
CVE
CVE
added 2025/01/10 12:0 a.m.61 views

CVE-2025-23112

CVE-2025-23112 affects REDCap 14.9.6 with a stored XSS in the Survey field name; authenticated users can trigger payloads when clicking the field name in a survey. The Red Hat and other sources confirm the same issue; no vendor-provided patch/version is specified in the provided documents. Exploi...

6.1CVSS4.7AI score0.00273EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2025/01/10 12:0 a.m.55 views

CVE-2025-23111

CVE-2025-23111 affects REDCap 14.9.6. The vulnerability arises from HTML injection via the Survey field name, enabling a phishing redirect when a survey recipient clicks the manipulated field name. The exposed risk is user-confusion leading to actions without consent, with the impact described as...

6.1CVSS6.6AI score0.00268EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2025/01/10 12:0 a.m.63 views

CVE-2025-23110

CVE-2025-23110 affects REDCap v14.9.6. A reflected XSS vulnerability exists in the email-subject field when uploading a CSV containing alert configurations; a victim who opens the uploaded data and clicks the email-subject may trigger the payload. Affected component: email-subject handling during...

6.1CVSS5.8AI score0.00273EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2025/01/10 12:0 a.m.56 views

CVE-2025-23113

CVE-2025-23113 affects REDCap 14.9.6. The issue is a CSRF vulnerability in the logout functionality triggered during a CSV upload of alert configuration. An HTML injection payload placed in the alert-title can be sent by an attacker; when the victim views the uploaded data and clicks the alert-ti...

8.8CVSS6.7AI score0.00156EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2025/01/10 12:0 a.m.7 views

PT-2025-4826 · Redcap · Redcap

Name of the Vulnerable Software and Affected Versions: REDCap version 14.9.6 Description: A Reflected cross-site scripting XSS vulnerability exists in the email-subject field when uploading a CSV file containing a list of alert configurations. An attacker can send a CSV file with the XSS payload ...

6.1CVSS5.5AI score0.00273EPSS
Exploits0References6
CNNVD
CNNVD
added 2025/01/10 12:0 a.m.7 views

REDCap 安全漏洞

REDCap is a data collection and management web application from REDCap Open Source. A security vulnerability exists in REDCap version 14.9.6 that stems from the presence of a stored cross-site scripting attack that allows an authenticated user to inject malicious script into survey field names,...

6.1CVSS5.8AI score0.00273EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/01/10 12:0 a.m.23 views

CVE-2025-23111

An issue was discovered in REDCap 14.9.6. It allows HTML Injection via the Survey field name, exposing users to a redirection to a phishing website. An attacker can exploit this to trick the user that receives the survey into clicking on the field name, which redirects them to a phishing website...

4.7CVSS0.00268EPSS
Exploits0References1
NVD
NVD
added 2025/01/09 11:15 p.m.25 views

CVE-2024-56377

A stored cross-site scripting XSS vulnerability in survey titles of REDCap 14.9.6 allows authenticated users to inject malicious scripts into the Survey Title field or Survey Instructions. When a user receives a survey and clicks anywhere on the survey page to enter data, the crafted payload whic...

5.4CVSS0.00386EPSS
Exploits1References2
OSV
OSV
added 2025/01/09 11:15 p.m.4 views

CVE-2024-56377

A stored cross-site scripting XSS vulnerability in survey titles of REDCap 14.9.6 allows authenticated users to inject malicious scripts into the Survey Title field or Survey Instructions. When a user receives a survey and clicks anywhere on the survey page to enter data, the crafted payload whic...

5.4CVSS5.8AI score0.00386EPSS
Exploits1References2
NVD
NVD
added 2025/01/09 11:15 p.m.13 views

CVE-2024-56376

A stored cross-site scripting XSS vulnerability in the built-in messenger of REDCap 14.9.6 allows authenticated users to inject malicious scripts into the message field. When a user click on the received message, the crafted payload is executed, potentially enabling the execution of arbitrary web...

5.4CVSS0.00386EPSS
Exploits1References2
OSV
OSV
added 2025/01/09 11:15 p.m.6 views

CVE-2024-56376

A stored cross-site scripting XSS vulnerability in the built-in messenger of REDCap 14.9.6 allows authenticated users to inject malicious scripts into the message field. When a user click on the received message, the crafted payload is executed, potentially enabling the execution of arbitrary web...

5.4CVSS5.9AI score0.00386EPSS
Exploits1References2
CVE
CVE
added 2025/01/09 12:0 a.m.54 views

CVE-2024-56377

CVE-2024-56377 describes a stored cross-site scripting (XSS) vulnerability in REDCap 14.9.6 related to survey titles and survey instructions. The issue allows authenticated users to inject malicious scripts into the Survey Title field, and the payload can execute when a user interacts with the su...

5.4CVSS5.7AI score0.00386EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2025/01/09 12:0 a.m.19 views

CVE-2024-56377

A stored cross-site scripting XSS vulnerability in survey titles of REDCap 14.9.6 allows authenticated users to inject malicious scripts into the Survey Title field or Survey Instructions. When a user receives a survey and clicks anywhere on the survey page to enter data, the crafted payload whic...

5.4CVSS0.00386EPSS
Exploits1References2
Cvelist
Cvelist
added 2025/01/09 12:0 a.m.13 views

CVE-2024-56376

A stored cross-site scripting XSS vulnerability in the built-in messenger of REDCap 14.9.6 allows authenticated users to inject malicious scripts into the message field. When a user click on the received message, the crafted payload is executed, potentially enabling the execution of arbitrary web...

5.4CVSS0.00386EPSS
Exploits1References2
CNNVD
CNNVD
added 2025/01/09 12:0 a.m.5 views

REDCap 安全漏洞

REDCap is a data collection and management web application from REDCap Open Source. A security vulnerability exists in REDCap version 14.9.6. An attacker can exploit the vulnerability to execute arbitrary web scripts...

5.4CVSS7.1AI score0.00386EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2025/01/09 12:0 a.m.4 views

PT-2025-3274 · Redcap · Redcap

Name of the Vulnerable Software and Affected Versions: REDCap version 14.9.6 Description: A stored cross-site scripting XSS vulnerability in survey titles allows authenticated users to inject malicious scripts into the Survey Title field or Survey Instructions. When a user receives a survey and...

5.4CVSS5.7AI score0.00386EPSS
Exploits1References7
Vulnrichment
Vulnrichment
added 2025/01/09 12:0 a.m.10 views

CVE-2024-56377

A stored cross-site scripting XSS vulnerability in survey titles of REDCap 14.9.6 allows authenticated users to inject malicious scripts into the Survey Title field or Survey Instructions. When a user receives a survey and clicks anywhere on the survey page to enter data, the crafted payload whic...

5.4CVSS5.5AI score0.00386EPSS
Exploits1References2
CVE
CVE
added 2025/01/09 12:0 a.m.54 views

CVE-2024-56376

CVE-2024-56376 is a stored XSS in REDCap 14.9.6’s built-in messenger. Authenticated users can inject malicious scripts into the message field, and the payload executes when the recipient clicks the message, enabling potential arbitrary web-script execution. No fix details are provided in the init...

5.4CVSS5.6AI score0.00386EPSS
Exploits1References2Affected Software1
Positive Technologies
Positive Technologies
added 2025/01/09 12:0 a.m.7 views

PT-2025-3273 · Redcap · Redcap

Name of the Vulnerable Software and Affected Versions: REDCap version 14.9.6 Description: A stored cross-site scripting XSS vulnerability in the built-in messenger of REDCap allows authenticated users to inject malicious scripts into the message field. When a user clicks on the received message,...

5.4CVSS5.9AI score0.00386EPSS
Exploits1References7
Rows per page
Query Builder