A Stored Cross-Site Scripting (XSS) vulnerability exists in Messenger/messenger_ajax.php in REDCap 12.0.11. This issue allows any authenticated user to inject arbitrary code into the messenger title (aka new_title) field when editing an existing conversation. The payload executes in the browser of any conversation participant with the sidebar shown.
Vulnerable Product |
---|
vanderbilt redcap 12.0.11 |