2 matches found
CVE-2020-27359
A cross-site scripting XSS issue in REDCap 8.11.6 through 9.x before 10 allows attackers to inject arbitrary JavaScript or HTML in the Messenger feature. It was found that the filename of the image or file attached in a message could be used to perform this XSS attack. A user could craft a messag...
CVE-2020-27359
CVE-2020-27359 is a publicized XSS in REDCap (versions 8.11.6–9.x before 10) affecting the Messenger feature. The vulnerability arises from the filename of attached images/files, which can be crafted into a message to execute arbitrary JavaScript/HTML on the recipient’s account across multiple pa...