5 matches found

Positive Technologies
added 2025/06/10 12:0 a.m. · 1 view

PT-2025-24817 · Redcap · Redcap

Name of the Vulnerable Software and Affected Versions: REDCap version 13.1.9

Description: A stored cross-site scripting (XSS) issue in the Public Survey function allows authenticated users to execute arbitrary web script or HTML by injecting a crafted payload into the Survey Title and Survey...

CVSS 5.4 · AI score 5.3 · EPSS 0.00481
Exploits: 3 · References: 5

RedhatCVE
added 2025/05/23 4:4 a.m. · 3 views

CVE-2023-37361

REDCap 12.0.26 LTS and 12.3.2 Standard allows SQL Injection via scheduling, repeatforms, purpose, apptitle, or randomization...

CVSS 2.7 · AI score 8.3 · EPSS 0.00074
Exploits: 1

RedhatCVE
added 2025/05/22 4:34 p.m. · 4 views

CVE-2020-26713

REDCap 10.3.4 contains an XSS vulnerability in the ToDoList function with parameter sort. The information submitted by the user is immediately returned in the response and not escaped, leading to the reflected XSS vulnerability. Attackers can exploit vulnerabilities to steal login session informati...

CVSS 6.1 · AI score 6.1 · EPSS 0.00397
Exploits: 1

OSV
added 2025/01/10 10:15 p.m. · 3 views

CVE-2025-23112

An issue was discovered in REDCap 14.9.6. A stored cross-site scripting (XSS) vulnerability allows authenticated users to inject malicious scripts into the Survey field name of Survey. When a user receives the survey, if he clicks on the field name, it triggers the XSS payload...

CVSS 6.1 · AI score 5.7
Exploits: 0 · References: 1

OSV
added 2023/07/25 1:15 a.m. · 2 views

CVE-2023-37361

REDCap 12.0.26 LTS and 12.3.2 Standard allows SQL Injection via scheduling, repeatforms, purpose, apptitle, or randomization...

CVSS 2.7 · AI score 5.8 · EPSS 0.00074
Exploits: 1 · References: 2