Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
vanderbilt redcap vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2022-42715
A reflected XSS vulnerability exists in REDCap prior to 12.04.18 in the Alerts & Notifications upload feature. A crafted CSV file will, when uploaded, trigger arbitrary JavaScript code execution.
Vanderbilt Redcap
NA
CVE-2023-37798
A stored cross-site scripting (XSS) vulnerability in the new REDCap project creation function of Vanderbilt REDCap 13.1.35 allows malicious users to execute arbitrary web scripts or HTML via injecting a crafted payload into the project title parameter.
Vanderbilt Redcap
4
CVSSv2
CVE-2020-27358
An issue exists in REDCap 8.11.6 up to and including 9.x prior to 10. The messenger's CSV feature (that allows users to export their conversation threads as CSV) allows non-privileged users to export one another's conversation threads by changing the thread_id parameter...
Vanderbilt Redcap
1 Github repository
NA
CVE-2023-37361
REDCap 12.0.26 LTS and 12.3.2 Standard allows SQL Injection via scheduling, repeatforms, purpose, app_title, or randomization.
Vanderbilt Redcap
3.5
CVSSv2
CVE-2019-17121
REDCap prior to 9.3.4 has XSS on the Customize & Manage Locking/E-signatures page via Lock Record Custom Text values.
Vanderbilt Redcap
4
CVSSv2
CVE-2017-7351
A SQL injection issue exists in a file upload handler in REDCap 7.x prior to 7.0.11 via a trailing substring to SendITController:upload.
Vanderbilt Redcap
1 Github repository
3.5
CVSSv2
CVE-2021-42136
A stored Cross-Site Scripting (XSS) vulnerability in the Missing Data Codes functionality of REDCap prior to 11.4.0 allows remote malicious users to execute JavaScript code in the client's browser by storing said code as a Missing Data Code value. This can then be leveraged ...
Vanderbilt Redcap
6.8
CVSSv2
CVE-2017-10961
REDCap prior to 7.5.1 has CSRF in the deletion feature of the File Repository and File Upload components.
Vanderbilt Redcap
4.3
CVSSv2
CVE-2017-10962
REDCap prior to 7.5.1 has XSS via the query string.
Vanderbilt Redcap
6
CVSSv2
CVE-2019-14937
REDCap prior to 9.3.0 allows time-based SQL injection in the edit calendar event via the cal_id parameter, such as cal_id=55 and sleep(3) to Calendar/calendar_popup_ajax.php. The attacker can obtain a user's login sessionid from the database, and then re-login into REDCap to...
Vanderbilt Redcap
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-22120
CVE-2024-35921
CVE-2024-35874
brute force
CVE-2024-36080
unprivileged
CVE-2024-35917
IDOR
CVE-2024-4947
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
NEXT »