CVE-2024-37394
A stored cross-site scripting (XSS) vulnerability in the Project Dashboards of REDCap 13.1.9 allows authenticated users to execute arbitrary web script or HTML by injecting a crafted payload into the 'Dashboard title' and 'Dashboard content' text boxes. This can lead to the execution of malicious...
CVE-2024-37396
REDCap 13.1.9 is affected by a stored XSS in the Calendar component (Notes field). Authenticated users can inject scripted HTML that is executed when the calendar event is viewed. The issue is caused by improper handling of input in the calendar event notes, leading to script execution in the con...
CVE-2024-37394
CVE-2024-37394 (REDCap): A stored XSS in REDCap 13.1.9 affects the Project Dashboards, allowing authenticated users to inject payloads into the Dashboard title and content. Exploitation leads to execution of malicious scripts when the dashboard is viewed. Red Hat CVE records mirror this issue fo...
REDCap Cross-Site Scripting Vulnerability
REDCap is a data collection and management web application from the REDCap open-source project. A cross-site scripting vulnerability exists in REDCap version 13.1.9, which stems from a stored cross-site scripting vulnerability in the Public Surveys feature, and could lead to the execution of arbitrary we...
CVE-2024-37396
A stored cross-site scripting (XSS) vulnerability in the Calendar function of REDCap 13.1.9 allows authenticated users to execute arbitrary web script or HTML by injecting a crafted payload into the 'Notes' field of a calendar event. This could lead to the execution of malicious scripts when the...
REDCap Cross-Site Scripting Vulnerability
REDCap is a data collection and management web application from the REDCap open-source project. A cross-site scripting vulnerability exists in REDCap version 13.1.9, which stems from a stored cross-site scripting vulnerability in the Calendar functionality, and could lead to the execution of arbitrary we...
REDCap Cross-Site Scripting Vulnerability
REDCap is a data collection and management web application from the REDCap open-source project. A cross-site scripting vulnerability exists in REDCap version 13.1.9, which stems from a stored cross-site scripting vulnerability in the Project Dashboard, and could lead to an authenticated user executing...
CVE-2024-37395
A stored cross-site scripting (XSS) vulnerability in the Public Survey function of REDCap 13.1.9 allows authenticated users to execute arbitrary web script or HTML by injecting a crafted payload into the 'Survey Title' and 'Survey Instructions' fields. This vulnerability could be exploited by...
PT-2025-24817 · Redcap · Redcap
Name of the Vulnerable Software and Affected Versions: REDCap version 13.1.9. Description: A stored cross-site scripting (XSS) issue in the Public Survey function allows authenticated users to execute arbitrary web script or HTML by injecting a crafted payload into the Survey Title and Survey...
CVE-2024-37395
REDCap 13.1.9.x has a stored XSS in the Public Survey page: authenticated users can inject scripts via the Survey Title and Survey Instructions. The vulnerability triggers when the survey is accessed via its public link. Remediation is to update to 14.2.1 or later (per the CVE description). The connect...
PT-2025-24818 · Redcap · Redcap
Name of the Vulnerable Software and Affected Versions: REDCap version 13.1.9. Description: A stored cross-site scripting (XSS) issue in the Calendar function allows authenticated users to execute arbitrary web script or HTML by injecting a crafted payload into the Notes field of a calendar event. Th...
PT-2025-24892 · Redcap · Redcap
Name of the Vulnerable Software and Affected Versions: REDCap version 13.1.9. Description: A stored cross-site scripting (XSS) issue in the Project Dashboards allows authenticated users to execute arbitrary web script or HTML by injecting a crafted payload into the Dashboard title and Dashboard...
CVE-2025-23110
An issue was discovered in REDCap 14.9.6. A reflected cross-site scripting (XSS) vulnerability in the email-subject field exists while performing an upload of a CSV file containing a list of alert configurations. An attacker can send the victim a CSV file containing the XSS payload in the...
CVE-2024-45527
REDCap 14.7.0 allows HTML injection via the project title of a New Project action. This can lead to resultant logout CSRF via index.php?logout=1, and can also be used to insert a link to an external phishing website...
CVE-2024-56310
REDCap through 14.9.6 has a security flaw in the Project Dashboards name, exposing users to a Cross-Site Request Forgery (CSRF) attack. An attacker can exploit this by luring users into clicking on a Project Dashboards name that contains the malicious payload, which triggers a logout request and...
CVE-2024-56313
A stored cross-site scripting (XSS) vulnerability in the Calendar feature of REDCap through 14.9.6 allows authenticated users to inject malicious scripts into the Notes field of a calendar event. When the event is viewed, the crafted payload is executed, potentially enabling the execution of...
CVE-2024-56377
A stored cross-site scripting (XSS) vulnerability in survey titles of REDCap 14.9.6 allows authenticated users to inject malicious scripts into the Survey Title field or Survey Instructions. When a user receives a survey and clicks anywhere on the survey page to enter data, the crafted payload whic...
CVE-2024-56314
A stored cross-site scripting (XSS) vulnerability in the Project name of REDCap through 14.9.6 allows authenticated users to inject malicious scripts into the name field of a Project. When a user clicks on the project name to access it, the crafted payload is executed, potentially enabling the...