Description
A stored Cross-Site Scripting (XSS) vulnerability in the Missing Data Codes functionality of REDCap before 11.4.0 allows remote attackers to execute JavaScript code in the client's browser by storing said code as a Missing Data Code value. This can then be leveraged to execute a Cross-Site Request Forgery attack to escalate privileges to administrator.
References
- Exploit, Third Party Advisory, VDB Entry
- Release Notes, Third Party Advisory
- Product
Vulnerable configurations
EPSS
CVSS3: 9 Critical
CVSS2: 3.5 Low
Weaknesses
Related vulnerabilities
A stored Cross-Site Scripting (XSS) vulnerability in the Missing Data Codes Functionality of REDCap 11.2.5 allows remote attackers to execute JavaScript code in the client's browser by storing said code as a Missing Data Code value. This can then be leveraged to execute a Cross-Site Request Forgery attack to escalate privileges to administrator.
EPSS
CVSS3: 9 Critical
CVSS2: 3.5 Low