6 matches found
EUVD-2025-3124
Malicious code in bioql PyPI...
CVE-2025-23110
An issue was discovered in REDCap 14.9.6. A reflected cross-site scripting (XSS) vulnerability in the email-subject field exists while performing an upload of a CSV file containing a list of alert configurations. An attacker can send the victim a CSV file containing the XSS payload in the...
CVE-2025-23112
CVE-2025-23112 affects REDCap 14.9.6 with a stored XSS in the Survey field name; authenticated users can trigger payloads when clicking the field name in a survey. Red Hat and other sources confirm the same issue; no vendor-provided patch or fixed version is specified in the provided documents. Exploi...
PT-2025-4826 · Redcap · Redcap
Name of the Vulnerable Software and Affected Versions: REDCap version 14.9.6
Description: A reflected cross-site scripting (XSS) vulnerability exists in the email-subject field when uploading a CSV file containing a list of alert configurations. An attacker can send a CSV file with the XSS payload ...
CVE-2024-56377
A stored cross-site scripting (XSS) vulnerability in survey titles of REDCap 14.9.6 allows authenticated users to inject malicious scripts into the Survey Title field or Survey Instructions. When a user receives a survey and clicks anywhere on the survey page to enter data, the crafted payload whic...
CVE-2024-56377
CVE-2024-56377 describes a stored cross-site scripting (XSS) vulnerability in REDCap 14.9.6 related to survey titles and survey instructions. The issue allows authenticated users to inject malicious scripts into the Survey Title field, and the payload can execute when a user interacts with the su...