CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2021-42136

CRITICAL
9.0
CVSS Severity Score
EPSS Score0.0600%
EPSS Percentile12.67th
Published2022年4月13日
Last Modified2024年11月21日

Vulnerability Description

A stored Cross-Site Scripting (XSS) vulnerability in the Missing Data Codes functionality of REDCap before 11.4.0 allows remote attackers to execute JavaScript code in the client's browser by storing said code as a Missing Data Code value. This can then be leveraged to execute a Cross-Site Request Forgery attack to escalate privileges to administrator.

Affected Platforms (CPE)

📦
Vanderbilt

Redcap

< 11.4.0

References & Advisories

🔗 http://packetstormsecurity.com/files/166723/REDCap-Cross-Site-Scripting.html
🔗 https://redcap.med.usc.edu/_shib/assets/ChangeLog_Standard.pdf
🔗 https://www.project-redcap.org/
🔗 http://packetstormsecurity.com/files/166723/REDCap-Cross-Site-Scripting.html
🔗 https://redcap.med.usc.edu/_shib/assets/ChangeLog_Standard.pdf
🔗 https://www.project-redcap.org/

相關漏洞威脅

CVE-2013-461110.0

Multiple unspecified vulnerabilities in REDCap before 5.1.1 allow remote attackers to have an unknown impact via vectors involving...

CVE-2013-461010.0

Unspecified vulnerability in the Data Search utility in data-entry forms in REDCap before 5.0.3 and 5.1.x before 5.1.2 has unknown...

CVE-2020-267129.8

REDCap 10.3.4 contains a SQL injection vulnerability in the ToDoList function via sort parameter. The application uses the additio...

CVE-2017-109618.8

REDCap before 7.5.1 has CSRF in the deletion feature of the File Repository and File Upload components.