redcap vulnerabilities and exploits
10
CVSSv2
CVE-2020-26712
REDCap 10.3.4 contains a SQL injection vulnerability in the ToDoList function via sort parameter. The application uses the addition of a string of information from the submitted user that is not validated well in the database query, resulting in an SQL injection vulnerability whe...
Vanderbilt Redcap 10.0.20
Vanderbilt Redcap 10.3.4
NA
CVE-2022-42715
A reflected XSS vulnerability exists in REDCap prior to 12.04.18 in the Alerts & Notifications upload feature. A crafted CSV file will, when uploaded, trigger arbitrary JavaScript code execution.
Vanderbilt Redcap
3.5
CVSSv2
CVE-2020-27359
A cross-site scripting (XSS) issue in REDCap 8.11.6 up to and including 9.x prior to 10 allows malicious users to inject arbitrary JavaScript or HTML in the Messenger feature. It was found that the filename of the image or file attached in a message could be used to perform this ...
Evms Redcap
1 Github repository
6
CVSSv2
CVE-2019-14937
REDCap prior to 9.3.0 allows time-based SQL injection in the edit calendar event via the cal_id parameter, such as cal_id=55 and sleep(3) to Calendar/calendar_popup_ajax.php. The attacker can obtain a user's login sessionid from the database, and then re-login into REDCap to...
Vanderbilt Redcap
3.5
CVSSv2
CVE-2019-17121
REDCap prior to 9.3.4 has XSS on the Customize & Manage Locking/E-signatures page via Lock Record Custom Text values.
Vanderbilt Redcap
4
CVSSv2
CVE-2017-7351
A SQL injection issue exists in a file upload handler in REDCap 7.x prior to 7.0.11 via a trailing substring to SendITController:upload.
Vanderbilt Redcap
1 Github repository
3.5
CVSSv2
CVE-2019-15127
REDCap prior to 9.3.0 allows XSS attacks against non-administrator accounts on the Data Import Tool page via a CSV data import file.
Vanderbilt Redcap
4.3
CVSSv2
CVE-2017-10962
REDCap prior to 7.5.1 has XSS via the query string.
Vanderbilt Redcap
NA
CVE-2023-37361
REDCap 12.0.26 LTS and 12.3.2 Standard allows SQL Injection via scheduling, repeatforms, purpose, app_title, or randomization.
Vanderbilt Redcap
NA
CVE-2023-37798
A stored cross-site scripting (XSS) vulnerability in the new REDCap project creation function of Vanderbilt REDCap 13.1.35 allows malicious users to execute arbitrary web scripts or HTML via injecting a crafted payload into the project title parameter.
Vanderbilt Redcap