Unrated severityNVD Advisory· Published Oct 31, 2020· Updated Aug 4, 2024
CVE-2020-27359
CVE-2020-27359
Description
A cross-site scripting (XSS) issue in REDCap 8.11.6 through 9.x before 10 allows attackers to inject arbitrary JavaScript or HTML in the Messenger feature. It was found that the filename of the image or file attached in a message could be used to perform this XSS attack. A user could craft a message and send it to anyone on the platform including admins. The XSS payload would execute on the other account without interaction from the user on several pages.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
1- Range: >=8.11.6, <10
Patches
Vulnerability mechanics
References
2- www.evms.edu/research/resources_services/redcap/redcap_change_log/mitrex_refsource_MISC
- www.ruse.tech/blog/38mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.