Vulnerability Information
Vulnerability Title
N/A
Vulnerability Description
REDCap through 14.9.6 has a security flaw in the Project Dashboards name, exposing users to a Cross-Site Request Forgery (CSRF) attack. An attacker can exploit this by luring users into clicking on a Project Dashboards name that contains the malicious payload, which triggers a logout request and terminates their session. This vulnerability stems from the absence of CSRF protections on the logout functionality, allowing malicious actions to be executed without user consent.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
REDCap Security Vulnerability
Vulnerability Description
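REDCap is an open-source web application from REDCap for data collection and management. REDCap 15.0.0 and earlier versions contain a security vulnerability that stems from the lack of cross-site request forgery protection on the logout function. An attacker can trigger a logout request by luring a user into clicking a project dashboard name that contains a malicious payload, which terminates the user's session.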
CVSS Information
N/A
Vulnerability Type
N/A