Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
redcap vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2020-26713
REDCap 10.3.4 contains a XSS vulnerability in the ToDoList function with parameter sort. The information submitted by the user is immediately returned in the response and not escaped leading to the reflected XSS vulnerability. Attackers can exploit vulnerabilities to steal login ...
Vanderbilt Redcap 10.0.20
Vanderbilt Redcap 10.3.4
3.5
CVSSv2
CVE-2019-13029
Multiple stored Cross-site scripting (XSS) issues in the admin panel and survey system in REDCap 8 prior to 8.10.20 and 9 prior to 9.1.2 allow an malicious user to inject arbitrary malicious HTML or JavaScript code into a user's web browser.
Vanderbilt Redcap
1 EDB exploit
3.5
CVSSv2
CVE-2021-42136
A stored Cross-Site Scripting (XSS) vulnerability in the Missing Data Codes functionality of REDCap prior to 11.4.0 allows remote malicious users to execute JavaScript code in the client's browser by storing said code as a Missing Data Code value. This can then be leveraged ...
Vanderbilt Redcap
NA
CVE-2022-42715
A reflected XSS vulnerability exists in REDCap prior to 12.04.18 in the Alerts & Notifications upload feature. A crafted CSV file will, when uploaded, trigger arbitrary JavaScript code execution.
Vanderbilt Redcap
6.8
CVSSv2
CVE-2017-10961
REDCap prior to 7.5.1 has CSRF in the deletion feature of the File Repository and File Upload components.
Vanderbilt Redcap
4.3
CVSSv2
CVE-2017-10962
REDCap prior to 7.5.1 has XSS via the query string.
Vanderbilt Redcap
4
CVSSv2
CVE-2017-7351
A SQL injection issue exists in a file upload handler in REDCap 7.x prior to 7.0.11 via a trailing substring to SendITController:upload.
Vanderbilt Redcap
1 Github repository
NA
CVE-2023-37361
REDCap 12.0.26 LTS and 12.3.2 Standard allows SQL Injection via scheduling, repeatforms, purpose, app_title, or randomization.
Vanderbilt Redcap
4
CVSSv2
CVE-2020-27358
An issue exists in REDCap 8.11.6 up to and including 9.x prior to 10. The messenger's CSV feature (that allows users to export their conversation threads as CSV) allows non-privileged users to export one another's conversation threads by changing the thread_id parameter...
Vanderbilt Redcap
1 Github repository
3.5
CVSSv2
CVE-2019-17121
REDCap prior to 9.3.4 has XSS on the Customize & Manage Locking/E-signatures page via Lock Record Custom Text values.
Vanderbilt Redcap
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injection
CVE-2006-4304
CVE-2023-26603
CVE-2024-28327
CVE-2023-50363
CVE-2024-21905
template injection
CVE-2024-3400
cross-site request forgery
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
NEXT »