vanderbilt redcap vulnerabilities and exploits
5.4
CVSSv3
CVE-2022-24004
A Stored Cross-Site Scripting (XSS) vulnerability exists in Messenger/messenger_ajax.php in REDCap 12.0.11. This issue allows any authenticated user to inject arbitrary code into the messenger title (aka new_title) field when editing an existing conversation. The payload executes...
Vanderbilt Redcap 12.0.11
5.4
CVSSv3
CVE-2019-17121
REDCap prior to 9.3.4 has XSS on the Customize & Manage Locking/E-signatures page via Lock Record Custom Text values.
Vanderbilt Redcap
5.4
CVSSv3
CVE-2019-15127
REDCap prior to 9.3.0 allows XSS attacks against non-administrator accounts on the Data Import Tool page via a CSV data import file.
Vanderbilt Redcap
4.8
CVSSv3
CVE-2019-13029
Multiple stored cross-site scripting (XSS) issues in the admin panel and survey system in REDCap 8 prior to 8.10.20 and 9 prior to 9.1.2 allow a malicious user to inject arbitrary malicious HTML or JavaScript code into a user's web browser.
Vanderbilt Redcap
1 EDB exploit
4.3
CVSSv3
CVE-2020-27358
An issue exists in REDCap 8.11.6 up to and including 9.x prior to 10. The messenger's CSV feature (that allows users to export their conversation threads as CSV) allows non-privileged users to export one another's conversation threads by changing the thread_id parameter...
Vanderbilt Redcap
1 GitHub repository
2.7
CVSSv3
CVE-2023-37361
REDCap 12.0.26 LTS and 12.3.2 Standard allows SQL Injection via scheduling, repeatforms, purpose, app_title, or randomization.
Vanderbilt Redcap
NA
CVE-2023-38825
SQL injection vulnerability in Vanderbilt REDCap before v.13.8.0 allows a remote malicious user to obtain sensitive information via the password reset mechanism in MyCapMobileApp/update.php.
1 GitHub repository
NA
CVE-2013-4608
Cross-site scripting (XSS) vulnerability in REDCap prior to 5.0.6 allows remote malicious users to inject arbitrary web script or HTML via vectors involving the Graphical Data View & Descriptive Stats page.
Project-redcap Redcap 5.0.1
Project-redcap Redcap 4.14.6
Project-redcap Redcap 4.15.0
Project-redcap Redcap 4.15.2
Project-redcap Redcap 5.0.4
Project-redcap Redcap 5.0.3
Project-redcap Redcap 4.15.3
Project-redcap Redcap 4.15.4
Vanderbilt Redcap 4.14.4
Vanderbilt Redcap 4.14.3
Vanderbilt Redcap 4.14.2
Vanderbilt Redcap 4.14.1
Project-redcap Redcap 4.13.18
Vanderbilt Redcap
Project-redcap Redcap 5.0.2
Project-redcap Redcap 5.0.0
Project-redcap Redcap 4.14.5
Vanderbilt Redcap 4.14.0
Project-redcap Redcap 4.15.1
NA
CVE-2013-4609
REDCap prior to 5.0.4 and 5.1.x prior to 5.1.3 does not reject certain undocumented syntax within branching logic and calculations, which allows remote authenticated users to bypass intended access restrictions via (1) the Online Designer or (2) the Data Dictionary upload, as dem...
Project-redcap Redcap 5.0.0
Project-redcap Redcap 4.14.5
Vanderbilt Redcap 4.14.0
Project-redcap Redcap 4.15.1
Project-redcap Redcap 4.15.3
Project-redcap Redcap 5.1.2
Project-redcap Redcap 5.0.2
Project-redcap Redcap 4.15.4
Project-redcap Redcap 4.13.18
Vanderbilt Redcap
Project-redcap Redcap 5.1.1
Vanderbilt Redcap 4.14.4
Vanderbilt Redcap 4.14.3
Vanderbilt Redcap 4.14.2
Vanderbilt Redcap 4.14.1
Project-redcap Redcap 5.0.1
Project-redcap Redcap 4.14.6
Project-redcap Redcap 4.15.0
Project-redcap Redcap 4.15.2
Project-redcap Redcap 5.1.0
NA
CVE-2013-4610
Unspecified vulnerability in the Data Search utility in data-entry forms in REDCap prior to 5.0.3 and 5.1.x prior to 5.1.2 has unknown impact and remote attack vectors.
Project-redcap Redcap 5.0.0
Project-redcap Redcap 4.14.5
Project-redcap Redcap 4.15.1
Project-redcap Redcap 4.15.3
Project-redcap Redcap 5.1.1
Project-redcap Redcap 4.15.4
Project-redcap Redcap 4.13.18
Project-redcap Redcap 5.0.6
Project-redcap Redcap 5.1.0
Vanderbilt Redcap 4.14.4
Vanderbilt Redcap 4.14.3
Vanderbilt Redcap 4.14.2
Vanderbilt Redcap 4.14.1
Vanderbilt Redcap 4.14.0
Project-redcap Redcap 5.0.1
Project-redcap Redcap 4.14.6
Project-redcap Redcap 4.15.0
Project-redcap Redcap 4.15.2
Vanderbilt Redcap