CVE-2021-42136
A stored Cross-Site Scripting (XSS) vulnerability in the Missing Data Codes functionality of REDCap before 11.4.0 allows remote attackers to execute JavaScript code in the client's browser by storing said code as a Missing Data Code value. This can then be leveraged to execute a Cross-Site Request Forgery attack to escalate privileges to administrator.
Affected products
n/a · n/a
Public PoCs found — 2
cve_reference: packetstormsecurity.com/files/166723/REDCap-Cross-Site-Scripting.html (unverified)
exploitdb: www.exploit-db.com/exploits/50877 (unverified)
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.