Dangerous XSS Bugs in RedCAP Threaten Academic & Scientific Research

  /     /     /  
Publicated : 23/11/2024   Category : security

Dangerous XSS Bugs in RedCAP Threaten Academic & Scientific Research


The security vulnerabilities, CVE-2024-37394, CVE-2024-37395, and CVE-2024-37396, could lay open proprietary and sensitive research to data thieves.


Researchers have discovered three cross-site scripting (XSS) vulnerabilities in Research Electronic Data Capture (REDCap), a Web application developed by Vanderbilt University and used for building and managing online surveys and databases for scientific and academic researchers.
The vulnerabilities are tracked as CVE-2024-37394, CVE-2024-37395, and CVE-2024-37396, and they could allow attackers to execute malicious JavaScript code in victims browsers, potentially compromising sensitive data, according to an advisory from Trustwaves SpiderLabs.
Researchers there identified the vulnerabilities in multiple locations within version 13.1.9 in REDCap, which is popular in universities and scientific institutions for managing studies that contain private, sensitive information. The vulnerable locations in the platform include calendar events, public surveys, and project dashboards.
Our researchers developed
proof-of-concept exploits
for each vulnerable location,
the researchers wrote
. In each case, they were able to inject a simple JavaScript payload that, when triggered, executes an alert displaying the document domain.
The vulnerabilities could allow threat actors to steal sensitive information, impersonate the victims actions, manipulate the REDCap application, and even gain access to protected data.
Its recommended that users update to REDCap version 14.2.1 or later, where Vanderbilt University has addressed these bugs, to mitigate these flaws. 

Last News

▸ ArcSight prepares for future at user conference post HP acquisition. ◂
Discovered: 07/01/2025
Category: security
▸ Samsung Epic 4G: First To Use Media Hub ◂
Discovered: 07/01/2025
Category: security
▸ Many third-party software fails security tests ◂
Discovered: 07/01/2025
Category: security


Cyber Security Categories
Google Dorks Database
 		Exploits Vulnerability
 		Exploit Shellcodes

CVE List
 		Tools/Apps
 		News/Aarticles

Phishing Database
 		Deepfake Detection
 		Trends/Statistics & Live Infos



Tags:
Dangerous XSS Bugs in RedCAP Threaten Academic & Scientific Research