Published: 02/11/2020 Updated: 04/11/2020

CVSS v2 Base Score: 3.5 | Impact Score: 2.9 | Exploitability Score: 6.8

CVSS v3 Base Score: 5.4 | Impact Score: 2.7 | Exploitability Score: 2.3

VMScore: 312

Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N

A cross-site scripting (XSS) issue in REDCap 8.11.6 up to and including 9.x prior to 10 allows malicious users to inject arbitrary JavaScript or HTML in the Messenger feature. It was found that the filename of the image or file attached in a message could be used to perform this XSS attack. A user could craft a message and send it to anyone on the platform including admins. The XSS payload would execute on the other account without interaction from the user on several pages.

Vulnerable Product	Search on Vulmon	Subscribe to Product
evms redcap

CVE-2020-27358 and CVE-2020-27359

CVE-2020-27358 / CVE-2020-27359 Exploitation steps for CVE-2020-27358 and CVE-2020-27359 CVE-2020-27358 An issue was discovered in REDCap 8116 through 9x before 10 The messenger's CSV feature (that allows users to export their conversation threads as CSV) allows non-privileged users to export one another's conversation threads by changing the thread_id parameter i

CWE-79 https://github.com/seb1055/cve-2020-27358-27359 https://www.evms.edu/research/resources_services/redcap/redcap_change_log/https://www.ruse.tech/blog/38 https://nvd.nist.gov https://github.com/seb1055/cve-2020-27358-27359

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2020-27359

Vulnerability Summary

Vulnerability Trend

Github Repositories

References

Vulmon Search

About

Products

Connect