The user must be authenticated into REDCap in order to exploit this. Major security fix: A Reflected XSS (Cross-site Scripting) vulnerability was discovered on the Alerts & Notifications page in which a malicious user could potentially exploit it by inserting custom JavaScript in a specially crafted way into parameters in certain AJAX requests.The user must be an admin and must be authenticated into REDCap in order to exploit this. Major security fix: A Reflected XSS (Cross-site Scripting) vulnerability was discovered in the Database Query Tool in which a malicious user could potentially exploit it by inserting custom JavaScript in a specially crafted way into saved queries on the page.Bug exists in all REDCap versions for the past 10 years. Major security fix: A Reflected XSS (Cross-site Scripting) vulnerability was discovered on the "Importing instrument from the REDCap Shared Library" page in which a malicious user could potentially exploit it by inserting custom JavaScript in a specially crafted way into input elements on the page. REDCap Change Log Version 14.1.4 (released on )
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |