Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
vanderbilt redcap vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-38825
SQL injection vulnerability in Vanderbilt REDCap before v.13.8.0 allows a remote malicious user to obtain sensitive information via the password reset mechanism in MyCapMobileApp/update.php.
1 Github repository
5.4
CVSSv3
CVE-2023-37798
A stored cross-site scripting (XSS) vulnerability in the new REDCap project creation function of Vanderbilt REDCap 13.1.35 allows malicious users to execute arbitrary web scripts or HTML via injecting a crafted payload into the project title parameter.
Vanderbilt Redcap
2.7
CVSSv3
CVE-2023-37361
REDCap 12.0.26 LTS and 12.3.2 Standard allows SQL Injection via scheduling, repeatforms, purpose, app_title, or randomization.
Vanderbilt Redcap
6.1
CVSSv3
CVE-2022-42715
A reflected XSS vulnerability exists in REDCap prior to 12.04.18 in the Alerts & Notifications upload feature. A crafted CSV file will, when uploaded, trigger arbitrary JavaScript code execution.
Vanderbilt Redcap
5.4
CVSSv3
CVE-2022-24004
A Stored Cross-Site Scripting (XSS) vulnerability exists in Messenger/messenger_ajax.php in REDCap 12.0.11. This issue allows any authenticated user to inject arbitrary code into the messenger title (aka new_title) field when editing an existing conversation. The payload executes...
Vanderbilt Redcap 12.0.11
5.4
CVSSv3
CVE-2022-24127
A Stored Cross-Site Scripting (XSS) vulnerability exists in ProjectGeneral/edit_project_settings.php in REDCap 12.0.11. This issue allows any user with project management permissions to inject arbitrary code into the project title (app_title) field when editing an existing projec...
Vanderbilt Redcap 12.0.11
9
CVSSv3
CVE-2021-42136
A stored Cross-Site Scripting (XSS) vulnerability in the Missing Data Codes functionality of REDCap prior to 11.4.0 allows remote malicious users to execute JavaScript code in the client's browser by storing said code as a Missing Data Code value. This can then be leveraged ...
Vanderbilt Redcap
9.8
CVSSv3
CVE-2020-26712
REDCap 10.3.4 contains a SQL injection vulnerability in the ToDoList function via sort parameter. The application uses the addition of a string of information from the submitted user that is not validated well in the database query, resulting in an SQL injection vulnerability whe...
Vanderbilt Redcap 10.0.20
Vanderbilt Redcap 10.3.4
6.1
CVSSv3
CVE-2020-26713
REDCap 10.3.4 contains a XSS vulnerability in the ToDoList function with parameter sort. The information submitted by the user is immediately returned in the response and not escaped leading to the reflected XSS vulnerability. Attackers can exploit vulnerabilities to steal login ...
Vanderbilt Redcap 10.0.20
Vanderbilt Redcap 10.3.4
4.3
CVSSv3
CVE-2020-27358
An issue exists in REDCap 8.11.6 up to and including 9.x prior to 10. The messenger's CSV feature (that allows users to export their conversation threads as CSV) allows non-privileged users to export one another's conversation threads by changing the thread_id parameter...
Vanderbilt Redcap
1 Github repository
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-23316
SQL injection
type confusion
CVE-2024-20697
CVE-2024-4344
local
CVE-2024-30043
CVE-2024-3821
CVE-2024-5041
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »