Unrated severityNVD Advisory· Published Apr 13, 2022· Updated Aug 4, 2024
CVE-2021-42136
CVE-2021-42136
Description
A stored Cross-Site Scripting (XSS) vulnerability in the Missing Data Codes functionality of REDCap before 11.4.0 allows remote attackers to execute JavaScript code in the client's browser by storing said code as a Missing Data Code value. This can then be leveraged to execute a Cross-Site Request Forgery attack to escalate privileges to administrator.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
1- Range: <11.4.0
Patches
Vulnerability mechanics
References
3- packetstormsecurity.com/files/166723/REDCap-Cross-Site-Scripting.htmlmitrex_refsource_MISC
- redcap.med.usc.edu/_shib/assets/ChangeLog_Standard.pdfmitrex_refsource_MISC
- www.project-redcap.orgmitrex_refsource_MISC
News mentions
0No linked articles in our index yet.