Stored Cross-Site Scripting Vulnerability in REDCap by Vanderbilt University
CVE-2022-24127

5.4MEDIUM

Key Information:

Vendor: Vanderbilt
Status: Redcap
Vendor: CVE Published:; 15 June 2022

What is CVE-2022-24127?

An XSS vulnerability has been identified in the REDCap application, specifically within the edit_project_settings.php file. This flaw permits users with project management permissions to inject arbitrary JavaScript code into the app_title field when modifying an existing project. Consequently, this injected code can be executed in the context of other users who view the project, posing a significant security risk. Users are advised to review their project settings and update to secure versions to mitigate vulnerability exposure.

References

https://www.evms.edu/research/resources_services/redcap/r...

x_refsource_MISC

https://labs.nettitude.com/blog/cve-2022-24004-cve-2022-2...

x_refsource_MISC

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 15, 2022
Vulnerability Reserved
Jan 29, 2022