CyberSecurity SEE

XSS Vulnerabilities in REDCap Pose a Risk to Academic & Scientific Research

Researchers recently uncovered three cross-site scripting (XSS) vulnerabilities in Research Electronic Data Capture (REDCap), a widely used web application designed for creating and managing online surveys and databases for scientific and academic research purposes.

These vulnerabilities, tracked as CVE-2024-37394, CVE-2024-37395, and CVE-2024-37396, could allow malicious actors to execute attacker-supplied JavaScript in victims' browsers, putting sensitive data at risk. Trustwave's SpiderLabs issued an advisory describing the severity of the flaws and their possible impact on user security.

The vulnerabilities were detected within version 13.1.9 of REDCap, a platform known for its popularity among universities and research institutions for managing studies containing confidential information. The affected areas within REDCap where these vulnerabilities were found include calendar events, public surveys, and project dashboards.

The researchers who discovered the vulnerabilities produced a proof-of-concept exploit for each affected location. By injecting a basic JavaScript payload, they triggered an alert that displayed the document domain, demonstrating that script supplied by a user is executed in the context of the REDCap site.

The implications of these vulnerabilities are far-reaching, as threat actors could exploit them to steal sensitive data, impersonate users, manipulate the REDCap application, and gain unauthorized access to protected information. Given the severity of these risks, users are strongly advised to update their REDCap installations to version 14.2.1 or later, where Vanderbilt University has implemented fixes to address these vulnerabilities and enhance overall security measures.
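The defect class behind all three CVEs is user-controlled text (a calendar event title, a survey label, a dashboard field) being placed into HTML without output encoding. The following is an added example written for this page; it is not REDCap's code and makes no claim about how REDCap renders these fields. The event object is constructed, and the payload mirrors the advisory's proof of concept (an alert showing the document domain). It shows the vulnerable rendering pattern beside the hardened one so a reviewer can recognise both:

```javascript
// Added example, not REDCap's code: stored XSS through an unescaped
// user-controlled field, next to the output-encoding fix.

// Constructed sample: a calendar event whose title came from user input.
// The title carries the same kind of payload the advisory's PoC used.
const SAMPLE_EVENT = {
  id: 42,
  title: 'Lab meeting <script>alert(document.domain)</script>',
};

// Vulnerable pattern: the title is concatenated straight into markup.
// Any HTML in the title becomes part of the page and runs in the viewer's browser.
function renderEventUnsafe(event) {
  return `<li class="event" data-id="${event.id}">${event.title}</li>`;
}

// Hardened pattern: encode the five characters that carry meaning in HTML
// before the value enters markup, so the browser shows the payload as text.
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, '&amp;')   // must run first so later entities are not double-encoded
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

function renderEventSafe(event) {
  return `<li class="event" data-id="${escapeHtml(event.id)}">${escapeHtml(event.title)}</li>`;
}

// Simple check usable in code review or a unit test: does the rendered
// output still contain a raw <script> tag?
function containsRawScriptTag(html) {
  return /<script\b/i.test(html);
}

console.log('unsafe:', renderEventUnsafe(SAMPLE_EVENT));
console.log('safe:  ', renderEventSafe(SAMPLE_EVENT));
console.log('unsafe output keeps script tag:', containsRawScriptTag(renderEventUnsafe(SAMPLE_EVENT)));
console.log('safe output keeps script tag:  ', containsRawScriptTag(renderEventSafe(SAMPLE_EVENT)));
```

The encoding shown is correct only for text placed in an HTML element body or a quoted attribute; a value that lands inside a script block, a URL, or a CSS rule needs the encoding for that context, which is why a templating engine with context-aware auto-escaping is the usual fix rather than hand-written `replace` chains. Patching to REDCap 14.2.1 or later remains the actual remediation for these CVEs.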

By keeping their installations current with the latest patches, users can protect themselves from exploitation and safeguard their sensitive data. Promptly addressing vulnerabilities is crucial to maintaining the integrity and security of web applications like REDCap, especially where sensitive research data is involved.
