A stored Cross-Site Scripting (XSS) vulnerability in the Missing Data Codes functionality of REDCap prior to 11.4.0 allows remote malicious users to execute JavaScript code in the client's browser by storing said code as a Missing Data Code value. This can then be leveraged to execute a Cross-Site Request Forgery attack to escalate privileges to administrator.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
vanderbilt redcap |