6 matches found
CVE-2024-37395
A stored cross-site scripting XSS vulnerability in the Public Survey function of REDCap 13.1.9 allows authenticated users to execute arbitrary web script or HTML by injecting a crafted payload into the 'Survey Title' and 'Survey Instructions' fields. This vulnerability could be exploited by...
CVE-2024-37395
REDCap 13.1.9.x stores XSS in the Public Survey page: authenticated users can inject scripts via the Survey Title and Survey Instructions. The vulnerability triggers when the survey is accessed via its public link. Remediation is to update to 14.2.1 or later (per the CVE description). The connect...
CVE-2024-56377
A stored cross-site scripting XSS vulnerability in survey titles of REDCap 14.9.6 allows authenticated users to inject malicious scripts into the Survey Title field or Survey Instructions. When a user receives a survey and clicks anywhere on the survey page to enter data, the crafted payload whic...
CVE-2024-56377
A stored cross-site scripting XSS vulnerability in survey titles of REDCap 14.9.6 allows authenticated users to inject malicious scripts into the Survey Title field or Survey Instructions. When a user receives a survey and clicks anywhere on the survey page to enter data, the crafted payload whic...
CVE-2024-56377
A stored cross-site scripting XSS vulnerability in survey titles of REDCap 14.9.6 allows authenticated users to inject malicious scripts into the Survey Title field or Survey Instructions. When a user receives a survey and clicks anywhere on the survey page to enter data, the crafted payload whic...
CVE-2018-17003
In LimeSurvey 3.14.7, HTML Injection and Stored XSS have been discovered in the appendix via the surveylstitle parameter to /index.php?r=admin/survey/sa/insert...