CVE-2020-27359

CVE-2020-27359 is a publicized XSS in REDCap (versions 8.11.6–9.x before 10) affecting the Messenger feature. The vulnerability arises from the filename of attached images/files, which can be crafted into a message to execute arbitrary JavaScript/HTML on the recipient’s account across multiple pa...