N/A

A stored Cross-Site Scripting (XSS) vulnerability in the Missing Data Codes functionality of REDCap before 11.4.0 allows remote attackers to execute JavaScript code in the client's browser by storing said code as a Missing Data Code value. This can then be leveraged to execute a Cross-Site Request Forgery attack to escalate privileges to administrator.

N/A

N/A

REDCap 跨站脚本漏洞

REDCap是一款数据收集和管理Web应用程序。 REDCap 11.2.5 存在安全漏洞，该漏洞允许远程攻击者通过将所述代码存储为缺失数据代码值来在客户端浏览器中执行 JavaScript 代码。然后可以利用它来执行跨站点请求伪造攻击，以将权限提升给管理员。

N/A

N/A