A reflected XSS vulnerability exists in REDCap before 12.04.18 in the Alerts & Notifications upload feature. A crafted CSV file will, when uploaded, trigger arbitrary JavaScript code execution.
References
Link | Resource |
---|---|
https://github.com/uclahs-secops/security-research/tree/main/reports/20221011-recap-xss | Exploit Third Party Advisory |
https://redcap.med.usc.edu/_shib/assets/ChangeLog_Standard.pdf | Release Notes Third Party Advisory |
https://www.evms.edu/research/resources_services/redcap/redcap_change_log/ | Release Notes Third Party Advisory |
https://github.com/uclahs-secops/security-research/tree/main/reports/20221011-recap-xss | Exploit Third Party Advisory |
https://redcap.med.usc.edu/_shib/assets/ChangeLog_Standard.pdf | Release Notes Third Party Advisory |
https://www.evms.edu/research/resources_services/redcap/redcap_change_log/ | Release Notes Third Party Advisory |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 07:25
Type | Values Removed | Values Added |
---|---|---|
References | () https://github.com/uclahs-secops/security-research/tree/main/reports/20221011-recap-xss - Exploit, Third Party Advisory | |
References | () https://redcap.med.usc.edu/_shib/assets/ChangeLog_Standard.pdf - Release Notes, Third Party Advisory | |
References | () https://www.evms.edu/research/resources_services/redcap/redcap_change_log/ - Release Notes, Third Party Advisory |
14 Oct 2022, 17:12
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-10-12 13:15
Updated : 2024-11-21 07:25
NVD link : CVE-2022-42715
Mitre link : CVE-2022-42715
CVE.ORG link : CVE-2022-42715
JSON object : View
Products Affected
vanderbilt
- redcap
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')