Stored Cross-Site Scripting Vulnerability in REDCap by Vanderbilt University
CVE-2022-24004

5.4MEDIUM

Key Information:

Vendor

Vanderbilt

Status
Redcap
Vendor
CVE Published:
15 June 2022

What is CVE-2022-24004?

A Stored Cross-Site Scripting (XSS) vulnerability exists in REDCap 12.0.11, specifically within the messenger/messenger_ajax.php file. This vulnerability allows an authenticated user to inject malicious scripts into the messenger title (new_title) field while editing a conversation. The injected payload is executed in the browsers of any participant engaged in the conversation, potentially compromising user data and security.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://www.evms.edu/research/resources_services/redcap/r...
x_refsource_MISC
https://labs.nettitude.com/blog/cve-2022-24004-cve-2022-2...
x_refsource_MISC

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.