CVE-2024-56313
- EPSS 0.13%
- Published 22.12.2024 22:15:06
- Last modified 22.04.2025 15:43:40
A stored cross-site scripting (XSS) vulnerability in the Calendar feature of REDCap through 14.9.6 allows authenticated users to inject malicious scripts into the Notes field of a calendar event. When the event is viewed, the crafted payload is execu...
CVE-2024-56312
- EPSS 0.13%
- Published 22.12.2024 22:15:05
- Last modified 22.04.2025 15:43:32
A stored cross-site scripting (XSS) vulnerability in the Project Dashboard name of REDCap through 14.9.6 allows authenticated users to inject malicious scripts into the name field of a Project Dashboard. When a user clicks on the project Dashboard na...
CVE-2024-56311
- EPSS 0.06%
- Published 22.12.2024 21:15:16
- Last modified 22.04.2025 15:43:27
REDCap through 14.9.6 has a security flaw in the Notes section of calendar events, exposing users to a Cross-Site Request Forgery (CSRF) attack. An attacker can exploit this by luring users into accessing a calendar event's notes, which triggers a lo...
CVE-2024-56310
- EPSS 0.06%
- Published 22.12.2024 21:15:16
- Last modified 22.04.2025 15:37:46
REDCap through 14.9.6 has a security flaw in the Project Dashboards name, exposing users to a Cross-Site Request Forgery (CSRF) attack. An attacker can exploit this by luring users into clicking on a Project Dashboards name that contains the maliciou...
CVE-2024-45527
- EPSS 0.09%
- Published 02.09.2024 05:15:17
- Last modified 30.04.2025 16:44:33
REDCap 14.7.0 allows HTML injection via the project title of a New Project action. This can lead to resultant logout CSRF via index.php?logout=1, and can also be used to insert a link to an external phishing website.
CVE-2023-38825
- EPSS 0.07%
- Published 21.03.2024 02:48:14
- Last modified 05.03.2025 18:24:35
SQL injection vulnerability in Vanderbilt REDCap before v.13.8.0 allows a remote attacker to obtain sensitive information via the password reset mechanism in MyCapMobileApp/update.php.
CVE-2023-37798
- EPSS 0.08%
- Published 07.09.2023 19:15:47
- Last modified 21.11.2024 08:12:16
A stored cross-site scripting (XSS) vulnerability in the new REDCap project creation function of Vanderbilt REDCap 13.1.35 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the project title parameter.
CVE-2023-37361
- EPSS 0.05%
- Published 25.07.2023 01:15:09
- Last modified 21.11.2024 08:11:34
REDCap 12.0.26 LTS and 12.3.2 Standard allows SQL Injection via scheduling, repeatforms, purpose, app_title, or randomization.
CVE-2022-42715
- EPSS 0.46%
- Published 12.10.2022 13:15:10
- Last modified 15.05.2025 18:15:32
A reflected XSS vulnerability exists in REDCap before 12.04.18 in the Alerts & Notifications upload feature. A crafted CSV file will, when uploaded, trigger arbitrary JavaScript code execution.
CVE-2022-24127
- EPSS 0.16%
- Published 15.06.2022 19:15:10
- Last modified 21.11.2024 06:49:51
A Stored Cross-Site Scripting (XSS) vulnerability was discovered in ProjectGeneral/edit_project_settings.php in REDCap 12.0.11. This issue allows any user with project management permissions to inject arbitrary code into the project title (app_title)...