...

For more details, refer to: User Management

Active Users' Report

Super administrators can view and generate an active users' report for a specific time interval. This is useful for understanding the usage of OpenSpecimen at a center, especially when multiple users from different groups use the same instance.

...

The release build v6.2.RC2 includes some very important security fixes. The security vulnerabilities fixed in this release build are listed below:

1. Cross-site request forgery: The attacker performs unwanted OpenSpecimen actions using the user's authenticated session, without the user's knowledge or interaction. The attacker exploits OpenSpecimen's trust in the user's browser.

2. Potential cross-site scripting: The attacker uses OpenSpecimen to deliver malicious code, in the form of JavaScript, to unsuspecting users. The end user's browser executes the script, which can reveal cookies, tokens and other sensitive information the browser uses to communicate with OpenSpecimen. The attacker exploits the browser's trust in OpenSpecimen.

3. Unsafe cross-origin destination: When end users add links to external websites (as in CP SOPs) that are affected by malicious code, the affected website can trick OpenSpecimen users into revealing sensitive information and further spread the malicious code.

4. CSV injection: In this attack, disgruntled OpenSpecimen users (biobank staff) upload specially crafted data that executes malicious code on other users' computers when the victims export the data and open the CSV file in a spreadsheet application.

5. Unrestricted file uploads: In this attack, disgruntled OpenSpecimen users (biobank staff) upload malicious code files (for example, .exe) that are executed on other users' computers when the victims click or download the file links.
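The CSV injection item above is usually mitigated on the export side: any cell that a spreadsheet would interpret as a formula is written out as text instead. The following is an added example written for this page, not OpenSpecimen's own export code; the field names, the sample rows and the apostrophe-prefix technique (the common OWASP-style neutralization) are assumptions for illustration.

```python
import csv
import io

# Characters that Excel and LibreOffice treat as the start of a formula when
# they appear first in a cell. Tab and carriage return are included because
# some versions still evaluate a formula that follows them.
FORMULA_TRIGGERS = ("=", "+", "-", "@", "\t", "\r")


def neutralize_cell(value):
    """Return a cell value that a spreadsheet will display as text, never evaluate.

    Real numbers are left alone (a negative quantity is not a formula); strings
    that would be parsed as formulas get a leading apostrophe, which forces
    text interpretation and is hidden by spreadsheet applications.
    """
    if value is None:
        return ""
    if isinstance(value, (int, float)) and not isinstance(value, bool):
        return str(value)
    text = str(value)
    # Leading whitespace does not stop evaluation, so check the stripped form.
    if text.lstrip().startswith(FORMULA_TRIGGERS):
        return "'" + text
    return text


def export_rows(rows, fieldnames):
    """Serialize dict rows to CSV text with every cell neutralized and quoted."""
    buf = io.StringIO()
    writer = csv.DictWriter(
        buf, fieldnames=fieldnames, quoting=csv.QUOTE_ALL, lineterminator="\n"
    )
    writer.writeheader()
    for row in rows:
        writer.writerow({name: neutralize_cell(row.get(name)) for name in fieldnames})
    return buf.getvalue()


if __name__ == "__main__":
    # Constructed sample rows: one label is a benign formula-looking string
    # of the kind a malicious user could enter through the UI or a bulk import.
    sample = [
        {"label": "SPEC-0001", "quantity": 5},
        {"label": "=1+1", "quantity": -2},
        {"label": "@SUM(A1)", "quantity": 0},
    ]
    print(export_rows(sample, ["label", "quantity"]))
```

Neutralizing at export time rather than at input time is deliberate: the same label must still be stored and searched as entered, and the spreadsheet is the only consumer that evaluates formulas.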
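For the unrestricted file upload item, the defensive pattern is to accept only an allowlist of extensions, confirm that the file content matches the claimed type, store the file under a server-generated name, and serve it back as an attachment so the browser never renders or executes it in place. This is an added illustration, not OpenSpecimen's upload handling; the allowlist, the size limit, the `validate_upload` and `download_headers` names and the header set are assumptions chosen for the example.

```python
import os
import re
import uuid

# Allowed extensions mapped to the magic bytes the content must start with.
# None means the format has no fixed signature (plain text), so only the
# executable-signature check below applies to it.
ALLOWED_TYPES = {
    ".pdf": (b"%PDF-",),
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".txt": None,
    ".csv": None,
}
# Signatures of native executables and scripts that must never be stored,
# whatever extension the uploader chose.
EXECUTABLE_SIGNATURES = (b"MZ", b"\x7fELF", b"#!")
MAX_UPLOAD_BYTES = 10 * 1024 * 1024  # assumed limit for the example


class UploadRejected(ValueError):
    """Raised with a reason when an upload fails validation."""


def validate_upload(filename, data):
    """Validate an upload and return the server-side name it should be stored under.

    The returned name never contains path components or user-controlled
    characters outside a small safe set, so it cannot be used for traversal.
    """
    if len(data) > MAX_UPLOAD_BYTES:
        raise UploadRejected("file exceeds size limit")
    # Drop any directory part the client sent (Windows or POSIX separators).
    base = os.path.basename(filename.replace("\\", "/"))
    root, ext = os.path.splitext(base)
    ext = ext.lower()
    if ext not in ALLOWED_TYPES:
        # Also rejects double extensions such as "sop.pdf.exe".
        raise UploadRejected(f"extension {ext!r} is not allowed")
    if data.startswith(EXECUTABLE_SIGNATURES):
        raise UploadRejected("content is an executable or script")
    magic = ALLOWED_TYPES[ext]
    if magic is not None and not data.startswith(magic):
        raise UploadRejected("content does not match the declared type")
    safe_root = re.sub(r"[^A-Za-z0-9._-]", "_", root)[:64] or "file"
    return f"{uuid.uuid4().hex}_{safe_root}{ext}"


def download_headers(stored_name, content_type="application/octet-stream"):
    """Response headers that make the browser download rather than render the file."""
    return {
        "Content-Type": content_type,
        "Content-Disposition": f'attachment; filename="{stored_name}"',
        "X-Content-Type-Options": "nosniff",
    }


if __name__ == "__main__":
    # Constructed inputs: a legitimate PDF header and an executable renamed to .txt.
    print(validate_upload("CP SOP v2.pdf", b"%PDF-1.4\n%constructed sample"))
    try:
        validate_upload("readme.txt", b"MZ\x90\x00constructed")
    except UploadRejected as exc:
        print("rejected:", exc)
```

Checking the magic bytes in addition to the extension is what closes the gap the release note describes: renaming a binary to an allowed extension passes an extension-only filter but not this one, and `Content-Disposition: attachment` with `nosniff` stops the browser from guessing a more dangerous type on download.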

REDCap Integration Improvements

...