mirror of
https://github.com/0xMarcio/cve.git
synced 2026-06-01 11:01:35 +02:00
0xMarcio
901 B
901 B
CVE-2022-24004
Description
A Stored Cross-Site Scripting (XSS) vulnerability was discovered in Messenger/messenger_ajax.php in REDCap 12.0.11. This issue allows any authenticated user to inject arbitrary code into the messenger title (aka new_title) field when editing an existing conversation. The payload executes in the browser of any conversation participant with the sidebar shown.
POC
Reference
Github
No PoCs found on GitHub currently.