REDCap HTML Injection Vulnerability Allowing Phishing Redirection

Vulnerability

A vulnerability allowing HTML injection has been identified in REDCap version 14.9.6. The issue arises in the survey field name: an attacker who can set it can inject malicious HTML that redirects users to a phishing website. When the survey recipient clicks on the field name, they are taken to the phishing site, potentially leading to unauthorized actions being performed without the user's consent.
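The defect described above is a stored label being written into the survey page as raw HTML. As an added illustration (not REDCap's own code, which is PHP; this is a Python sketch), the vulnerable rendering pattern is shown beside the escaped version, together with an audit that flags stored labels containing markup. The field labels and the domain are constructed sample values.

```python
import html
import re

# Constructed sample survey field labels (not from any real REDCap project).
# The "consent" label contains an injected anchor of the kind the advisory
# describes, pointing at a placeholder domain.
SAMPLE_LABELS = {
    "age": "What is your age?",
    "consent": '<a href="https://phishing.example/login">Click here to continue</a>',
}

# Matches an opening or closing HTML tag and captures the tag name.
TAG_RE = re.compile(r"<\s*/?\s*([a-zA-Z][a-zA-Z0-9-]*)[^>]*>")


def render_label_unsafe(label: str) -> str:
    """Vulnerable pattern: the stored label is placed into the page as raw HTML,
    so an injected <a> becomes a live link in the rendered survey."""
    return f"<label>{label}</label>"


def render_label_safe(label: str) -> str:
    """Hardened pattern: entity-encode the label so any markup it carries is
    displayed as literal text instead of being interpreted by the browser."""
    return f"<label>{html.escape(label, quote=True)}</label>"


def audit_labels(labels: dict) -> dict:
    """Flag stored labels that contain HTML tags.

    Returns a mapping of field name -> list of tag names found, which lets an
    administrator review existing projects for injected markup before or
    after applying the vendor fix.
    """
    findings = {}
    for field, text in labels.items():
        tags = [m.group(1).lower() for m in TAG_RE.finditer(text)]
        if tags:
            findings[field] = tags
    return findings


if __name__ == "__main__":
    print(render_label_unsafe(SAMPLE_LABELS["consent"]))
    print(render_label_safe(SAMPLE_LABELS["consent"]))
    print(audit_labels(SAMPLE_LABELS))
```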

Impact

Exploitation of this vulnerability could result in users being redirected to phishing websites, where they may be tricked into providing sensitive information or performing actions that could compromise their security.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 1.9
impact: 1.7
exploitability: 6.4
remediation: 0.0
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.