{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-07T18:58:23.582","vulnerabilities":[{"cve":{"id":"CVE-2024-37395","sourceIdentifier":"cve@mitre.org","published":"2025-06-10T18:15:29.660","lastModified":"2025-06-16T15:15:48.497","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A stored cross-site scripting (XSS) vulnerability in the Public Survey function of REDCap 13.1.9 allows authenticated users to execute arbitrary web script or HTML by injecting a crafted payload into the 'Survey Title' and 'Survey Instructions' fields. This vulnerability could be exploited by attackers to execute malicious scripts when the survey is accessed through its public link. It is advised to update to version 14.2.1 or later to fix this issue."},{"lang":"es","value":"Una vulnerabilidad de cross site scripting (XSS) almacenado en la función de Encuesta Pública de REDCap 13.1.9 permite a usuarios autenticados ejecutar scripts web o HTML arbitrarios mediante la inyección de un payload manipulado en los campos \"Título de la encuesta\" e \"Instrucciones de la encuesta\". Esta vulnerabilidad podría ser explotada por atacantes para ejecutar scripts maliciosos al acceder a la encuesta a través de su enlace público. Se recomienda actualizar a la versión 14.2.1 o posterior para solucionar este problema."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:vanderbilt:redcap:*:*:*:*:*:*:*:*","versionEndExcluding":"14.2.1","matchCriteriaId":"1142BA00-A7E2-4FC5-8BA8-C39BAB119DA8"}]}]}],"references":[{"url":"https://www.evms.edu/research/resources_services/redcap/redcap_change_log/","source":"cve@mitre.org","tags":["Product"]},{"url":"https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/multiple-cross-site-scripting-xss-vulnerabilities-in-redcap-cve-2024-37394-cve-2024-37395-and-cve-2024-37396/","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory"]},{"url":"https://www.trustwave.com/hubfs/Web/Library/Advisories_txt/TWSL2024-003_XSS_REDCap_1.txt","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory"]},{"url":"https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/multiple-cross-site-scripting-xss-vulnerabilities-in-redcap-cve-2024-37394-cve-2024-37395-and-cve-2024-37396/","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["Exploit","Third Party Advisory"]}]}}]}