Search Results
- Results Type: Overview
- Keyword (text search): cpe:2.3:a:vanderbilt:redcap:8.6.2:*:*:*:*:*:*:*
- CPE Name Search: true
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2023-37798 | A stored cross-site scripting (XSS) vulnerability in the new REDCap project creation function of Vanderbilt REDCap 13.1.35 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the project title parameter. Published: September 07, 2023; 3:15:47 PM -0400 | V3.1: 5.4 MEDIUM V2.0: (not available) |
CVE-2023-37361 | REDCap 12.0.26 LTS and 12.3.2 Standard allows SQL Injection via scheduling, repeatforms, purpose, app_title, or randomization. Published: July 24, 2023; 9:15:09 PM -0400 | V3.1: 2.7 LOW V2.0: (not available) |
CVE-2022-42715 | A reflected XSS vulnerability exists in REDCap before 12.04.18 in the Alerts & Notifications upload feature. A crafted CSV file will, when uploaded, trigger arbitrary JavaScript code execution. Published: October 12, 2022; 9:15:10 AM -0400 | V3.1: 6.1 MEDIUM V2.0: (not available) |
CVE-2021-42136 | A stored Cross-Site Scripting (XSS) vulnerability in the Missing Data Codes functionality of REDCap before 11.4.0 allows remote attackers to execute JavaScript code in the client's browser by storing said code as a Missing Data Code value. This can then be leveraged to execute a Cross-Site Request Forgery attack to escalate privileges to administrator. Published: April 13, 2022; 12:15:09 PM -0400 | V3.1: 9.0 CRITICAL V2.0: 3.5 LOW |
CVE-2019-17121 | REDCap before 9.3.4 has XSS on the Customize & Manage Locking/E-signatures page via Lock Record Custom Text values. Published: October 03, 2019; 11:15:10 PM -0400 | V3.1: 5.4 MEDIUM V2.0: 3.5 LOW |
CVE-2019-15127 | REDCap before 9.3.0 allows XSS attacks against non-administrator accounts on the Data Import Tool page via a CSV data import file. Published: August 21, 2019; 3:15:13 PM -0400 | V3.0: 5.4 MEDIUM V2.0: 3.5 LOW |
CVE-2019-13029 | Multiple stored Cross-site scripting (XSS) issues in the admin panel and survey system in REDCap 8 before 8.10.20 and 9 before 9.1.2 allow an attacker to inject arbitrary malicious HTML or JavaScript code into a user's web browser. Published: July 11, 2019; 3:15:13 PM -0400 | V3.0: 4.8 MEDIUM V2.0: 3.5 LOW |