Vulnerabilities > Vanderbilt

DATE	CVE	VULNERABILITY TITLE	RISK
2023-09-07	CVE-2023-37798	Cross-site Scripting vulnerability in Vanderbilt Redcap A stored cross-site scripting (XSS) vulnerability in the new REDCap project creation function of Vanderbilt REDCap 13.1.35 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the project title parameter. network low complexity vanderbilt CWE-79	5.4
2023-07-25	CVE-2023-37361	SQL Injection vulnerability in Vanderbilt Redcap REDCap 12.0.26 LTS and 12.3.2 Standard allows SQL Injection via scheduling, repeatforms, purpose, app_title, or randomization. network low complexity vanderbilt CWE-89	2.7
2022-10-12	CVE-2022-42715	Cross-site Scripting vulnerability in Vanderbilt Redcap A reflected XSS vulnerability exists in REDCap before 12.04.18 in the Alerts & Notifications upload feature. network low complexity vanderbilt CWE-79	6.1
2022-06-15	CVE-2022-24004	Cross-site Scripting vulnerability in Vanderbilt Redcap 12.0.11 A Stored Cross-Site Scripting (XSS) vulnerability was discovered in Messenger/messenger_ajax.php in REDCap 12.0.11. network vanderbilt CWE-79	3.5
2022-06-15	CVE-2022-24127	Cross-site Scripting vulnerability in Vanderbilt Redcap 12.0.11 A Stored Cross-Site Scripting (XSS) vulnerability was discovered in ProjectGeneral/edit_project_settings.php in REDCap 12.0.11. network vanderbilt CWE-79	3.5
2022-04-13	CVE-2021-42136	Cross-site Scripting vulnerability in Vanderbilt Redcap A stored Cross-Site Scripting (XSS) vulnerability in the Missing Data Codes functionality of REDCap before 11.4.0 allows remote attackers to execute JavaScript code in the client's browser by storing said code as a Missing Data Code value. network vanderbilt CWE-79	3.5
2021-01-12	CVE-2020-26713	Cross-site Scripting vulnerability in Vanderbilt Redcap 10.0.20/10.3.4 REDCap 10.3.4 contains a XSS vulnerability in the ToDoList function with parameter sort. network vanderbilt CWE-79	4.3
2021-01-12	CVE-2020-26712	SQL Injection vulnerability in Vanderbilt Redcap 10.0.20/10.3.4 REDCap 10.3.4 contains a SQL injection vulnerability in the ToDoList function via sort parameter. network low complexity vanderbilt CWE-89 critical	10.0
2020-11-02	CVE-2020-27358	Incorrect Default Permissions vulnerability in Vanderbilt Redcap An issue was discovered in REDCap 8.11.6 through 9.x before 10. network low complexity vanderbilt CWE-276	4.0
2019-11-22	CVE-2014-6311	Use of Insufficiently Random Values vulnerability in multiple products generate_doygen.pl in ace before 6.2.7+dfsg-2 creates predictable file names in the /tmp directory which allows attackers to gain elevated privileges. network low complexity vanderbilt debian CWE-330	5.0

Vulnerabilities > Vanderbilt {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Vanderbilt"}]}

Vulnerabilities > Vanderbilt