Advisory Details

Published: Fri 10 Jan 2025

CVE-2025-23111

An issue was discovered in REDCap 14.9.6. It allows HTML Injection via the Survey field name, exposing users to a redirection to a phishing website. An attacker can exploit this to trick the user that receives the survey into clicking on the field name, which redirects them to a phishing website. Thus, this allows malicious actions to be executed without user consent.

References (Advisories, Solutions, and Tools):

Note: This product uses data from the NVD API but is not endorsed or certified by the NVD.

Join our newsletter!

Click to subscribe

Stay informed with product updates and security tips delivered to your inbox; no spam.