CVE-2022-24004
15.06.2022, 19:15
A Stored Cross-Site Scripting (XSS) vulnerability was discovered in Messenger/messenger_ajax.php in REDCap 12.0.11. This issue allows any authenticated user to inject arbitrary code into the messenger title (aka new_title) field when editing an existing conversation. The payload executes in the browser of any conversation participant with the sidebar shown.
Vendor | Product | Version |
---|---|---|
vanderbilt | redcap | 12.0.11 |
𝑥
= Vulnerable software versions
References