CVE-2020-26713

Name of the Vulnerable Software and Affected Versions: REDCap version 10.3.4

Description: The issue concerns a reflected XSS vulnerability in the ToDoList function, specifically with the sort parameter. This vulnerability occurs because user-submitted information is immediately returned in the response without proper escaping, allowing attackers to steal login session information or perform unauthorized actions by exploiting user rights.

Recommendations: For REDCap version 10.3.4, consider disabling the ToDoList function or restricting access to the sort parameter until a patch is available to prevent exploitation of this reflected XSS vulnerability.