CVE-2012-6565

REDCap before 4.14.3 exposes a cross-site scripting (XSS) flaw that lets remote authenticated users inject arbitrary web script or HTML via uppercase characters in JavaScript events inside user-defined labels. Root cause described as improper handling of uppercase characters in label-defined JS e...