Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
redcap vulnerabilities and exploits
(subscribe to this query)
383
VMScore
CVE-2020-26713
REDCap 10.3.4 contains a XSS vulnerability in the ToDoList function with parameter sort. The information submitted by the user is immediately returned in the response and not escaped leading to the reflected XSS vulnerability. Attackers can exploit vulnerabilities to steal login ...
Vanderbilt Redcap 10.0.20
Vanderbilt Redcap 10.3.4
355
VMScore
CVE-2019-13029
Multiple stored Cross-site scripting (XSS) issues in the admin panel and survey system in REDCap 8 prior to 8.10.20 and 9 prior to 9.1.2 allow an malicious user to inject arbitrary malicious HTML or JavaScript code into a user's web browser.
Vanderbilt Redcap
1 EDB exploit
NA
CVE-2023-37361
REDCap 12.0.26 LTS and 12.3.2 Standard allows SQL Injection via scheduling, repeatforms, purpose, app_title, or randomization.
Vanderbilt Redcap
312
VMScore
CVE-2020-27359
A cross-site scripting (XSS) issue in REDCap 8.11.6 up to and including 9.x prior to 10 allows malicious users to inject arbitrary JavaScript or HTML in the Messenger feature. It was found that the filename of the image or file attached in a message could be used to perform this ...
Evms Redcap
1 Github repository
312
VMScore
CVE-2019-15127
REDCap prior to 9.3.0 allows XSS attacks against non-administrator accounts on the Data Import Tool page via a CSV data import file.
Vanderbilt Redcap
605
VMScore
CVE-2017-10961
REDCap prior to 7.5.1 has CSRF in the deletion feature of the File Repository and File Upload components.
Vanderbilt Redcap
383
VMScore
CVE-2017-10962
REDCap prior to 7.5.1 has XSS via the query string.
Vanderbilt Redcap
NA
CVE-2022-42715
A reflected XSS vulnerability exists in REDCap prior to 12.04.18 in the Alerts & Notifications upload feature. A crafted CSV file will, when uploaded, trigger arbitrary JavaScript code execution.
Vanderbilt Redcap
356
VMScore
CVE-2020-27358
An issue exists in REDCap 8.11.6 up to and including 9.x prior to 10. The messenger's CSV feature (that allows users to export their conversation threads as CSV) allows non-privileged users to export one another's conversation threads by changing the thread_id parameter...
Vanderbilt Redcap
1 Github repository
534
VMScore
CVE-2019-14937
REDCap prior to 9.3.0 allows time-based SQL injection in the edit calendar event via the cal_id parameter, such as cal_id=55 and sleep(3) to Calendar/calendar_popup_ajax.php. The attacker can obtain a user's login sessionid from the database, and then re-login into REDCap to...
Vanderbilt Redcap
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
denial of service
CVE-2024-27371
CVE-2024-20405
CVE-2024-31627
CVE-2024-31625
race condition
CVE-2024-4358
cross-site scripting
CVE-2023-20938
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
NEXT »