Vulnerabilities > Vanderbilt

DATE CVE VULNERABILITY TITLE RISK
2023-09-07 CVE-2023-37798 Cross-site Scripting vulnerability in Vanderbilt Redcap
A stored cross-site scripting (XSS) vulnerability in the new REDCap project creation function of Vanderbilt REDCap 13.1.35 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the project title parameter.
network
low complexity
vanderbilt CWE-79
5.4
2023-07-25 CVE-2023-37361 SQL Injection vulnerability in Vanderbilt Redcap
REDCap 12.0.26 LTS and 12.3.2 Standard allows SQL Injection via scheduling, repeatforms, purpose, app_title, or randomization.
network
low complexity
vanderbilt CWE-89
2.7
2022-10-12 CVE-2022-42715 Cross-site Scripting vulnerability in Vanderbilt Redcap
A reflected XSS vulnerability exists in REDCap before 12.04.18 in the Alerts & Notifications upload feature.
network
low complexity
vanderbilt CWE-79
6.1
2022-06-15 CVE-2022-24004 Cross-site Scripting vulnerability in Vanderbilt Redcap 12.0.11
A Stored Cross-Site Scripting (XSS) vulnerability was discovered in Messenger/messenger_ajax.php in REDCap 12.0.11.
network
low complexity
vanderbilt CWE-79
5.4
2022-06-15 CVE-2022-24127 Cross-site Scripting vulnerability in Vanderbilt Redcap 12.0.11
A Stored Cross-Site Scripting (XSS) vulnerability was discovered in ProjectGeneral/edit_project_settings.php in REDCap 12.0.11.
network
low complexity
vanderbilt CWE-79
5.4
2022-04-13 CVE-2021-42136 Cross-site Scripting vulnerability in Vanderbilt Redcap
A stored Cross-Site Scripting (XSS) vulnerability in the Missing Data Codes functionality of REDCap before 11.4.0 allows remote attackers to execute JavaScript code in the client's browser by storing said code as a Missing Data Code value.
network
low complexity
vanderbilt CWE-79
critical
9.0
2021-01-12 CVE-2020-26713 Cross-site Scripting vulnerability in Vanderbilt Redcap 10.0.20/10.3.4
REDCap 10.3.4 contains a XSS vulnerability in the ToDoList function with parameter sort.
network
low complexity
vanderbilt CWE-79
6.1
2021-01-12 CVE-2020-26712 SQL Injection vulnerability in Vanderbilt Redcap 10.0.20/10.3.4
REDCap 10.3.4 contains a SQL injection vulnerability in the ToDoList function via sort parameter.
network
low complexity
vanderbilt CWE-89
critical
9.8
2020-11-02 CVE-2020-27358 Incorrect Default Permissions vulnerability in Vanderbilt Redcap
An issue was discovered in REDCap 8.11.6 through 9.x before 10.
network
low complexity
vanderbilt CWE-276
4.3
2019-11-22 CVE-2014-6311 Use of Insufficiently Random Values vulnerability in multiple products
generate_doygen.pl in ace before 6.2.7+dfsg-2 creates predictable file names in the /tmp directory which allows attackers to gain elevated privileges.
network
low complexity
vanderbilt debian CWE-330
critical
9.8