XSS Vulnerability in REDCap Affects E-Signature Management
CVE-2019-17121

5.4MEDIUM

Key Information:

Vendor: Vanderbilt
Status: Redcap
Vendor: CVE Published:; 4 October 2019

What is CVE-2019-17121?

REDCap users prior to version 9.3.4 are at risk of a Cross-Site Scripting (XSS) vulnerability that can be exploited through custom text values on the Customize & Manage Locking/E-signatures page. This flaw allows attackers to inject malicious scripts, potentially compromising sensitive user data and undermining the integrity of e-signature processes.

References

https://www.evms.edu/research/resources_services/redcap/r...

x_refsource_MISC

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 4, 2019
Vulnerability Reserved
Oct 4, 2019

Vanderbilt

What is CVE-2019-17121?

References

CVSS V3.1

Timeline