Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
redcap vulnerabilities and exploits
(subscribe to this query)
890
VMScore
CVE-2020-26712
REDCap 10.3.4 contains a SQL injection vulnerability in the ToDoList function via sort parameter. The application uses the addition of a string of information from the submitted user that is not validated well in the database query, resulting in an SQL injection vulnerability whe...
Vanderbilt Redcap 10.0.20
Vanderbilt Redcap 10.3.4
356
VMScore
CVE-2020-27358
An issue exists in REDCap 8.11.6 up to and including 9.x prior to 10. The messenger's CSV feature (that allows users to export their conversation threads as CSV) allows non-privileged users to export one another's conversation threads by changing the thread_id parameter...
Vanderbilt Redcap
1 Github repository
312
VMScore
CVE-2020-27359
A cross-site scripting (XSS) issue in REDCap 8.11.6 up to and including 9.x prior to 10 allows malicious users to inject arbitrary JavaScript or HTML in the Messenger feature. It was found that the filename of the image or file attached in a message could be used to perform this ...
Evms Redcap
1 Github repository
NA
CVE-2022-42715
A reflected XSS vulnerability exists in REDCap prior to 12.04.18 in the Alerts & Notifications upload feature. A crafted CSV file will, when uploaded, trigger arbitrary JavaScript code execution.
Vanderbilt Redcap
383
VMScore
CVE-2017-10962
REDCap prior to 7.5.1 has XSS via the query string.
Vanderbilt Redcap
312
VMScore
CVE-2019-15127
REDCap prior to 9.3.0 allows XSS attacks against non-administrator accounts on the Data Import Tool page via a CSV data import file.
Vanderbilt Redcap
NA
CVE-2023-37798
A stored cross-site scripting (XSS) vulnerability in the new REDCap project creation function of Vanderbilt REDCap 13.1.35 allows malicious users to execute arbitrary web scripts or HTML via injecting a crafted payload into the project title parameter.
Vanderbilt Redcap
605
VMScore
CVE-2017-10961
REDCap prior to 7.5.1 has CSRF in the deletion feature of the File Repository and File Upload components.
Vanderbilt Redcap
312
VMScore
CVE-2019-17121
REDCap prior to 9.3.4 has XSS on the Customize & Manage Locking/E-signatures page via Lock Record Custom Text values.
Vanderbilt Redcap
356
VMScore
CVE-2017-7351
A SQL injection issue exists in a file upload handler in REDCap 7.x prior to 7.0.11 via a trailing substring to SendITController:upload.
Vanderbilt Redcap
1 Github repository
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
hard-coded
CVE-2024-27202
NULL pointer dereference
CVE-2024-28075
CVE-2024-33608
CVE-2024-28889
CVE-2024-34572
template injection
CVE-2024-34351
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
NEXT »