CVE-2021-42136

CVE-2021-42136

A stored Cross-Site Scripting (XSS) vulnerability in the Missing Data Codes Functionality of REDCap 11.2.5 allows remote attackers to execute JavaScript code in the client’s browser by storing said code as a Missing Data Code value. This can then be leveraged to execute a Cross-Site Request Forgery attack to escalate privileges to administrator.

Source: CVE-2021-42136

답글 남기기

이메일 주소는 공개되지 않습니다. 필수 필드는 *로 표시됩니다