CVE

CVE-2021-42136

admin

CVE-2021-42136

A stored Cross-Site Scripting (XSS) vulnerability in the Missing Data Codes Functionality of REDCap 11.2.5 allows remote attackers to execute JavaScript code in the client’s browser by storing said code as a Missing Data Code value. This can then be leveraged to execute a Cross-Site Request Forgery attack to escalate privileges to administrator.

Source: CVE-2021-42136

Exit mobile version