3939 matches found
CVE-2025-23112
An issue was discovered in REDCap 14.9.6. A stored cross-site scripting (XSS) vulnerability allows authenticated users to inject malicious scripts into the Survey field name of Survey. When a user receives the survey and clicks on the field name, it triggers the XSS payload...
CVE-2025-23111
An issue was discovered in REDCap 14.9.6. It allows HTML Injection via the Survey field name, exposing users to a redirection to a phishing website. An attacker can exploit this to trick the user that receives the survey into clicking on the field name, which redirects them to a phishing website...
PT-2025-4828 · Redcap · Redcap
Name of the Vulnerable Software and Affected Versions: REDCap version 14.9.6. Description: A stored cross-site scripting (XSS) issue allows authenticated users to inject malicious scripts into the Survey field name of Survey. When a user receives the survey and clicks on the field name, it triggers...
REDCap Security Vulnerability
REDCap is a data collection and management web application from REDCap Open Source. A security vulnerability exists in REDCap version 14.9.6 that stems from the presence of a stored cross-site scripting attack that allows an authenticated user to inject malicious script into survey field names,...
CVE-2025-23112
CVE-2025-23112 affects REDCap 14.9.6 with a stored XSS in the Survey field name; authenticated users can trigger payloads when clicking the field name in a survey. Red Hat and other sources confirm the same issue; no vendor-provided patch/version is specified in the provided documents. Exploi...
CVE-2024-56377
A stored cross-site scripting (XSS) vulnerability in survey titles of REDCap 14.9.6 allows authenticated users to inject malicious scripts into the Survey Title field or Survey Instructions. When a user receives a survey and clicks anywhere on the survey page to enter data, the crafted payload whic...
PT-2025-3274 · Redcap · Redcap
Name of the Vulnerable Software and Affected Versions: REDCap version 14.9.6. Description: A stored cross-site scripting (XSS) vulnerability in survey titles allows authenticated users to inject malicious scripts into the Survey Title field or Survey Instructions. When a user receives a survey and...
CVE-2024-56377
CVE-2024-56377 describes a stored cross-site scripting (XSS) vulnerability in REDCap 14.9.6 related to survey titles and survey instructions. The issue allows authenticated users to inject malicious scripts into the Survey Title field, and the payload can execute when a user interacts with the su...
WordPress plugin WordPress Survey & Poll Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plug-in. WordPress plugin WordPress...
PT-2025-1885 · WordPress · Wordpress Survey & Poll
Name of the Vulnerable Software and Affected Versions: WordPress Survey & Poll – Quiz, Survey and Poll Plugin for WordPress versions up to 1.7.5 Description: The issue is related to stored cross-site scripting due to insufficient input sanitization and output escaping on user-supplied attributes ...
ZenML < 0.58.0 XSS
The version of ZenML installed on the remote host is prior to 0.57.1. It is, therefore, affected by a reflected cross-site scripting (XSS) vulnerability identified in zenml-io/zenml version 0.57.1. The vulnerability exists due to improper neutralization of input during web page generation,...
Friday Squid Blogging: Biology and Ecology of the Colossal Squid
Good survey paper. Blog moderation policy...
CVE-2023-37984
Missing Authorization vulnerability in ExpressTech Quiz And Survey Master allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Quiz And Survey Master: from n/a through 8.1.10...
CVE-2023-37984
Missing Authorization vulnerability in ExpressTech Systems Quiz And Survey Master quiz-master-next allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Quiz And Survey Master: from n/a through <= 8.1.10...
CVE-2023-22697
Missing Authorization vulnerability in Survey Maker team Survey Maker allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Survey Maker: from n/a through 3.2.0...
CVE-2023-37984 WordPress Quiz And Survey Master plugin <= 8.1.10 - Broken Access Control vulnerability
Missing Authorization vulnerability in ExpressTech Systems Quiz And Survey Master quiz-master-next allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Quiz And Survey Master: from n/a through <= 8.1.10...
CVE-2023-37984
CVE-2023-37984 is a Missing Authorization vulnerability affecting the WordPress plugin Quiz And Survey Master (aka Quiz Master Next) up to version 8.1.10. The root cause is broken access control due to an incorrectly configured access control security level, enabling unauthorized actions when pro...