CVE-2024-56377

A stored cross-site scripting XSS vulnerability in survey titles of REDCap 14.9.6 allows authenticated users to inject malicious scripts into the Survey Title field or Survey Instructions. When a user receives a survey and clicks anywhere on the survey page to enter data, the crafted payload whic...

PT-2025-3273 · Redcap · Redcap

Name of the Vulnerable Software and Affected Versions: REDCap version 14.9.6 Description: A stored cross-site scripting XSS vulnerability in the built-in messenger of REDCap allows authenticated users to inject malicious scripts into the message field. When a user clicks on the received message,...

CVE-2024-56313

A stored cross-site scripting XSS vulnerability in the Calendar feature of REDCap through 14.9.6 allows authenticated users to inject malicious scripts into the Notes field of a calendar event. When the event is viewed, the crafted payload is executed, potentially enabling the execution of...

CVE-2024-56314

A stored cross-site scripting XSS vulnerability in the Project name of REDCap through 14.9.6 allows authenticated users to inject malicious scripts into the name field of a Project. When a user clicks on the project name to access it, the crafted payload is executed, potentially enabling the...

CVE-2024-56313

A stored cross-site scripting XSS vulnerability in the Calendar feature of REDCap through 14.9.6 allows authenticated users to inject malicious scripts into the Notes field of a calendar event. When the event is viewed, the crafted payload is executed, potentially enabling the execution of...

CVE-2024-56314

A stored cross-site scripting XSS vulnerability in the Project name of REDCap through 14.9.6 allows authenticated users to inject malicious scripts into the name field of a Project. When a user clicks on the project name to access it, the crafted payload is executed, potentially enabling the...

CVE-2024-56312

A stored cross-site scripting XSS vulnerability in the Project Dashboard name of REDCap through 14.9.6 allows authenticated users to inject malicious scripts into the name field of a Project Dashboard. When a user clicks on the project Dashboard name, the crafted payload is executed, potentially...

CVE-2024-56312

A stored cross-site scripting XSS vulnerability in the Project Dashboard name of REDCap through 14.9.6 allows authenticated users to inject malicious scripts into the name field of a Project Dashboard. When a user clicks on the project Dashboard name, the crafted payload is executed, potentially...

CVE-2024-56311

REDCap through 14.9.6 has a security flaw in the Notes section of calendar events, exposing users to a Cross-Site Request Forgery CSRF attack. An attacker can exploit this by luring users into accessing a calendar event's notes, which triggers a logout request and terminates their session. This...

CVE-2024-56310

REDCap through 14.9.6 has a security flaw in the Project Dashboards name, exposing users to a Cross-Site Request Forgery CSRF attack. An attacker can exploit this by luring users into clicking on a Project Dashboards name that contains the malicious payload, which triggers a logout request and...

CVE-2024-56310

REDCap through 14.9.6 has a security flaw in the Project Dashboards name, exposing users to a Cross-Site Request Forgery CSRF attack. An attacker can exploit this by luring users into clicking on a Project Dashboards name that contains the malicious payload, which triggers a logout request and...

CVE-2024-56311

REDCap through 14.9.6 has a security flaw in the Notes section of calendar events, exposing users to a Cross-Site Request Forgery CSRF attack. An attacker can exploit this by luring users into accessing a calendar event's notes, which triggers a logout request and terminates their session. This...

PT-2024-36785 · Redcap · Redcap

Name of the Vulnerable Software and Affected Versions: REDCap versions prior to 15.0.0 Description: A stored cross-site scripting XSS vulnerability in the Project name of REDCap allows authenticated users to inject malicious scripts into the name field of a Project. When a user clicks on the...

CVE-2024-56312

Summary: CVE-2024-56312 is a stored XSS vulnerability in REDCap’s Project Dashboard name field (affected up to version 14.9.6). An authenticated user can inject malicious scripts that execute when the Dashboard name is clicked. The issue stems from insufficient input validation in the name field ...

PT-2024-36783 · Redcap · Redcap

Name of the Vulnerable Software and Affected Versions: REDCap versions prior to 15.0.0 Description: A stored cross-site scripting XSS vulnerability in the Project Dashboard name of REDCap allows authenticated users to inject malicious scripts into the name field of a Project Dashboard. When a use...

CVE-2024-56312

A stored cross-site scripting XSS vulnerability in the Project Dashboard name of REDCap through 14.9.6 allows authenticated users to inject malicious scripts into the name field of a Project Dashboard. When a user clicks on the project Dashboard name, the crafted payload is executed, potentially...

CVE-2024-56313

REDCap

CVE-2024-56311

REDCap through 14.9.6 has a security flaw in the Notes section of calendar events, exposing users to a Cross-Site Request Forgery CSRF attack. An attacker can exploit this by luring users into accessing a calendar event's notes, which triggers a logout request and terminates their session. This...

REDCap 安全漏洞

REDCap is a data collection and management web application from the REDCap open source. A security vulnerability exists in REDCap 15.0.0 and earlier versions, which stems from the system not effectively preventing the input content of the item name field, making it vulnerable to a stored cross-si...

CVE-2024-56311

CVE-2024-56311 affects REDCap’s calendar notes feature where CSRF protection is missing on logout. Affected versions range from REDCap 14.9.6 (and up to 15.0.0 per PTSecurity) with notes-based logout potentially terminating sessions when a user accesses a calendar note. Root cause: lack of CSRF p...