CVE-2024-56311
CVE-2024-56311 affects REDCap’s calendar notes feature where CSRF protection is missing on logout. Affected versions range from REDCap 14.9.6 (and up to 15.0.0 per PTSecurity) with notes-based logout potentially terminating sessions when a user accesses a calendar note. Root cause: lack of CSRF p...
CVE-2024-56311
REDCap through 14.9.6 has a security flaw in the Notes section of calendar events, exposing users to a Cross-Site Request Forgery (CSRF) attack. An attacker can exploit this by luring users into accessing a calendar event's notes, which triggers a logout request and terminates their session. This...
CVE-2024-56314
A stored cross-site scripting (XSS) vulnerability in the Project name of REDCap through 14.9.6 allows authenticated users to inject malicious scripts into the name field of a Project. When a user clicks on the project name to access it, the crafted payload is executed, potentially enabling the...
REDCap Security Vulnerability
REDCap is a data collection and management web application from REDCap Open Source. A security vulnerability exists in REDCap 15.0.0 and earlier versions; it stems from a failure to properly sanitize the input content of the Notes field of the Calendar, making it susceptible to a stored...
CVE-2024-56310
REDCap through 14.9.6 has a security flaw in the Project Dashboards name, exposing users to a Cross-Site Request Forgery (CSRF) attack. An attacker can exploit this by luring users into clicking on a Project Dashboards name that contains the malicious payload, which triggers a logout request and...
CVE-2024-56310
CVE-2024-56310 affects REDCap up to 14.9.6 (also reported as up to 15.0.0), due to missing CSRF protection on the Logout functionality. An attacker can lure a user into clicking a Project Dashboards name containing a payload, triggering a logout and terminating the user's session. Root cause: CSRF protection absent o...
REDCap Security Vulnerability
REDCap is a data collection and management web application from REDCap Open Source. A security vulnerability exists in REDCap 15.0.0 and earlier versions; it stems from a lack of cross-site request forgery protection in the logout functionality, which allows an attacker to trigger a logout...
CVE-2024-56313
A stored cross-site scripting (XSS) vulnerability in the Calendar feature of REDCap through 14.9.6 allows authenticated users to inject malicious scripts into the Notes field of a calendar event. When the event is viewed, the crafted payload is executed, potentially enabling the execution of...
PT-2024-36784 · Redcap · Redcap
Name of the Vulnerable Software and Affected Versions: REDCap versions through 14.9.6. Description: A stored cross-site scripting (XSS) vulnerability in the Calendar feature allows authenticated users to inject malicious scripts into the Notes field of a calendar event. When the event is viewed, the...
PT-2024-36781 · Redcap · Redcap
Name of the Vulnerable Software and Affected Versions: REDCap versions 14.9.6 and earlier; REDCap versions up to 15.0.0. Description: The issue stems from the absence of Cross-Site Request Forgery (CSRF) protection on the logout functionality in the Project Dashboards name, allowing malicious action...
PT-2024-36782 · Redcap · Redcap
Name of the Vulnerable Software and Affected Versions: REDCap versions 14.9.6 through 15.0.0. Description: The issue is a security flaw in the Notes section of calendar events in REDCap, exposing users to a Cross-Site Request Forgery (CSRF) attack. An attacker can exploit this by luring...
CVE-2024-56314
CVE-2024-56314 affects REDCap: stored XSS in the Project name field (authenticated user input) for REDCap versions up to 14.9.6. When a user clicks the project name, the crafted payload can execute arbitrary web scripts. Root cause is an input handling flaw in the Project name field that allows s...
CVE-2024-56312
A stored cross-site scripting (XSS) vulnerability in the Project Dashboard name of REDCap through 14.9.6 allows authenticated users to inject malicious scripts into the name field of a Project Dashboard. When a user clicks on the Project Dashboard name, the crafted payload is executed, potentially...
CVE-2024-45527
REDCap 14.7.0 allows HTML injection via the project title of a New Project action. This can lead to resultant logout CSRF via index.php?logout=1, and can also be used to insert a link to an external phishing website...
CVE-2024-45527
REDCap 14.7.0 is affected by an HTML injection via the project title on the New Project action. The underlying issue allows injecting HTML that can trigger a logout CSRF (via index.php?logout=1) and may be used to insert a link to an external phishing site. The Red Hat/CNNVD/CVE references confir...
REDCap Security Vulnerability
REDCap is a data collection and management web application from REDCap Open Source. A security vulnerability exists in REDCap version 14.7.0. An attacker can exploit the vulnerability to inject arbitrary HTML code...