Home
Description
A stored cross-site scripting (XSS) vulnerability in the Calendar feature of REDCap through 14.9.6 allows authenticated users to inject malicious scripts into the Notes field of a calendar event. When the event is viewed, the crafted payload is executed, potentially enabling the execution of arbitrary web scripts.
References
www.evms.edu/...resources_services/redcap/redcap_change_log/
github.com/.../Vulnerability-Research-CVESS/tree/main/RedCap
Data based on CVE®. Copyright © 1999-2025, The MITRE Corporation. All rights reserved.
