CVE-2012-6565

Name of the Vulnerable Software and Affected Versions REDCap versions prior to 4.14.3

Description A cross-site scripting issue allows remote authenticated users to inject arbitrary web script or HTML via uppercase characters in JavaScript events within user-defined labels.

Recommendations For versions prior to 4.14.3, update to version 4.14.3 or later to resolve the issue. As a temporary workaround, consider restricting the use of uppercase characters in JavaScript events within user-defined labels until a patch is applied.