Vanderbilt

Redcap

40 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.4

CVE-2022-24004

Exploit
  • EPSS 0.27%
  • Published 15.06.2022 19:15:10
  • Last modified 21.11.2024 06:49:38

A Stored Cross-Site Scripting (XSS) vulnerability was discovered in Messenger/messenger_ajax.php in REDCap 12.0.11. This issue allows any authenticated user to inject arbitrary code into the messenger title (aka new_title) field when editing an exist...

9

CVE-2021-42136

Exploit
  • EPSS 1.76%
  • Published 13.04.2022 16:15:09
  • Last modified 21.11.2024 06:27:20

A stored Cross-Site Scripting (XSS) vulnerability in the Missing Data Codes functionality of REDCap before 11.4.0 allows remote attackers to execute JavaScript code in the client's browser by storing said code as a Missing Data Code value. This can t...

6.1

CVE-2020-26713

Exploit
  • EPSS 0.4%
  • Published 12.01.2021 15:15:13
  • Last modified 21.11.2024 05:20:16

REDCap 10.3.4 contains a XSS vulnerability in the ToDoList function with parameter sort. The information submitted by the user is immediately returned in the response and not escaped leading to the reflected XSS vulnerability. Attackers can exploit v...

10

CVE-2020-26712

Exploit
  • EPSS 0.7%
  • Published 12.01.2021 15:15:13
  • Last modified 21.11.2024 05:20:16

REDCap 10.3.4 contains a SQL injection vulnerability in the ToDoList function via sort parameter. The application uses the addition of a string of information from the submitted user that is not validated well in the database query, resulting in an S...

4.3

CVE-2020-27358

Exploit
  • EPSS 3.43%
  • Published 02.11.2020 21:15:28
  • Last modified 21.11.2024 05:21:03

An issue was discovered in REDCap 8.11.6 through 9.x before 10. The messenger's CSV feature (that allows users to export their conversation threads as CSV) allows non-privileged users to export one another's conversation threads by changing the threa...

5.4

CVE-2019-17121

  • EPSS 0.21%
  • Published 04.10.2019 03:15:10
  • Last modified 21.11.2024 04:31:44

REDCap before 9.3.4 has XSS on the Customize & Manage Locking/E-signatures page via Lock Record Custom Text values.

5.4

CVE-2019-15127

  • EPSS 0.34%
  • Published 21.08.2019 19:15:13
  • Last modified 21.11.2024 04:28:06

REDCap before 9.3.0 allows XSS attacks against non-administrator accounts on the Data Import Tool page via a CSV data import file.

7.5

CVE-2019-14937

Exploit
  • EPSS 0.48%
  • Published 17.08.2019 17:15:10
  • Last modified 21.11.2024 04:27:43

REDCap before 9.3.0 allows time-based SQL injection in the edit calendar event via the cal_id parameter, such as cal_id=55 and sleep(3) to Calendar/calendar_popup_ajax.php. The attacker can obtain a user's login sessionid from the database, and then ...

4.8

CVE-2019-13029

  • EPSS 0.39%
  • Published 11.07.2019 19:15:13
  • Last modified 19.03.2025 20:15:16

Multiple stored Cross-site scripting (XSS) issues in the admin panel and survey system in REDCap 8 before 8.10.20 and 9 before 9.1.2 allow an attacker to inject arbitrary malicious HTML or JavaScript code into a user's web browser.

8.8

CVE-2017-7351

  • EPSS 0.21%
  • Published 08.02.2018 15:29:00
  • Last modified 21.11.2024 03:31:40

A SQL injection issue exists in a file upload handler in REDCap 7.x before 7.0.11 via a trailing substring to SendITController:upload.