This issue does not affect Linux systems. This issue has been assigned the type A11 of the XSS series. The issue manifests itself when a user creates a new alert in REDCap. The user can then edit the alert, and when they click the “Go” button to save their changes, they are taken to a page that allows them to upload an image. The user then uploads a malicious image and is redirected to the original page, where the alert has now been successfully modified. A malicious attacker can exploit this to execute arbitrary code.

Mitigation

Users are advised to upgrade to the latest version of REDCap, 1.3.1 or later, which addresses this vulnerability.

References

https://www.redcap-project.com/CVE-2022-42715


CVE-2023-42716

This issue does not affect Linux systems. This issue has been assigned the type A12 of the XSS series. The type A12 of the XSS series is a variation on the attack described in CVE-2022-42715, but instead of uploading an image to trigger it, this issue uses the document object model (DOM) to perform a DOM-based XSS attack. This issue is assigned to CVE-2023 instead of CVE-2022 because it is different from and more complex than CVE-2022.

Vulnerable Code snippet

Timeline

Published on: 10/12/2022 13:15:00 UTC
Last modified on: 10/14/2022 17:12:00 UTC

References