Security Advisory

CVE-2022-24004

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2022-06-15 18:16:21

Last updated 2024-08-03 03:59:23

Assigner mitre

State PUBLISHED

Description

A Stored Cross-Site Scripting (XSS) vulnerability was discovered in Messenger/messenger_ajax.php in REDCap 12.0.11. This issue allows any authenticated user to inject arbitrary code into the messenger title (aka new_title) field when editing an existing conversation. The payload executes in the browser of any conversation participant with the sidebar shown.

← Browse all CVEs View on cve.org ↗