3938 matches found
CVE-2024-37395
A stored cross-site scripting (XSS) vulnerability in the Public Survey function of REDCap 13.1.9 allows authenticated users to execute arbitrary web script or HTML by injecting a crafted payload into the 'Survey Title' and 'Survey Instructions' fields. This vulnerability could be exploited by...
PT-2025-24817 · Redcap · Redcap
Name of the Vulnerable Software and Affected Versions: REDCap version 13.1.9. Description: A stored cross-site scripting (XSS) issue in the Public Survey function allows authenticated users to execute arbitrary web script or HTML by injecting a crafted payload into the Survey Title and Survey...
CVE-2024-37395
REDCap 13.1.9.x has a stored XSS in the Public Survey page: authenticated users can inject scripts via the Survey Title and Survey Instructions. The vulnerability triggers when the survey is accessed via its public link. Remediation is to update to 14.2.1 or later (per the CVE description). The connect...
Limited Canva Creator Data Exposed Via AI Chatbot Database
A Chroma database operated by Russian AI chatbot startup My Jedai was found exposed online, leaking survey responses…
Usability of Token-Based and Remote Electronic Signatures: a User Experience Study
As electronic signatures (e-signatures) become increasingly integral to secure digital transactions, understanding their usability and security perception from an end-user perspective has become crucial. This study empirically evaluates and compares two major e-signature systems -- token-based and...
CVE-2024-42901
A CSV injection vulnerability in Lime Survey v6.5.12 allows attackers to execute arbitrary code via uploading a crafted CSV file...
CVE-2024-24506
Cross Site Scripting (XSS) vulnerability in Lime Survey Community Edition Version v.5.3.32+220817 allows remote attackers to execute arbitrary code via the Administrator email address parameter in the General Setting function...
CVE-2024-27996
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Survey Maker team Survey Maker allows Stored XSS. This issue affects Survey Maker: from n/a through 4.0.5...
CVE-2024-27966
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ExpressTech Quiz And Survey Master allows Stored XSS. This issue affects Quiz And Survey Master: from n/a through 8.2.2...
CVE-2024-28635
Cross Site Scripting (XSS) vulnerability in SurveyJS Survey Creator v.1.9.132 and before allows attackers to execute arbitrary code and obtain sensitive information via the title parameter in form...
CVE-2024-24309
In the module "Survey TMA" (ecomizsurveytma) up to version 2.0.0 from Ecomiz for PrestaShop, a guest can download personal information without restriction...
CVE-2024-0721
A vulnerability has been found in Jspxcms 10.2.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Survey Label Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to...
CVE-2024-56002
Missing Authorization vulnerability in mightyforms Contact Form, Survey & Form Builder – MightyForms (mightyforms) allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Contact Form, Survey & Form Builder – MightyForms: from n/a through 1.3.9...
CVE-2024-56377
A stored cross-site scripting (XSS) vulnerability in survey titles of REDCap 14.9.6 allows authenticated users to inject malicious scripts into the Survey Title field or Survey Instructions. When a user receives a survey and clicks anywhere on the survey page to enter data, the crafted payload whic...
CVE-2024-5606
The Quiz and Survey Master (QSM) WordPress plugin before 9.0.2 does not validate and escape the questionid parameter in the qsmbulkdeletequestionfromdatabase AJAX action, leading to a SQL injection exploitable by Contributors and above role...
CVE-2024-50426
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ays Pro Survey Maker (survey-maker) allows Stored XSS. This issue affects Survey Maker: from n/a through 5.0.2...
CVE-2024-6879
The Quiz and Survey Master (QSM) WordPress plugin before 9.1.1 fails to validate and escape certain Quiz fields before displaying them on a page or post where the Quiz is embedded, which could allow contributor and above roles to perform Stored Cross-Site Scripting (XSS) attacks...
CVE-2024-8758
The Quiz and Survey Master (QSM) WordPress plugin before 9.1.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)...