The user must be authenticated into REDCap in order to exploit this. Major security fix: A Reflected XSS (Cross-site Scripting) vulnerability was discovered on the Alerts & Notifications page in which a malicious user could potentially exploit it by inserting custom JavaScript in a specially crafted way into parameters in certain AJAX requests. The user must be an admin and must be authenticated into REDCap in order to exploit this.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |