Lucene search

K
cve[email protected]CVE-2022-42715
HistoryOct 12, 2022 - 1:15 p.m.

CVE-2022-42715

2022-10-1213:15:10
CWE-79
web.nvd.nist.gov
23
4
cve-2022-42715
reflected xss
redcap
security vulnerability
javascript code execution
nvd

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

40.4%

A reflected XSS vulnerability exists in REDCap before 12.04.18 in the Alerts & Notifications upload feature. A crafted CSV file will, when uploaded, trigger arbitrary JavaScript code execution.

Affected configurations

NVD
Node
vanderbiltredcapRange<12.4.18
OR
vanderbiltredcapRange12.5.012.5.11

Social References

More

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

40.4%

Related for CVE-2022-42715