Vulnerabilities > Vanderbilt

DATE	CVE	VULNERABILITY TITLE	RISK
2022-06-15	CVE-2022-24004	Cross-site Scripting vulnerability in Vanderbilt Redcap 12.0.11 A Stored Cross-Site Scripting (XSS) vulnerability was discovered in Messenger/messenger_ajax.php in REDCap 12.0.11. network low complexity vanderbilt CWE-79	5.4
2022-06-15	CVE-2022-24127	Cross-site Scripting vulnerability in Vanderbilt Redcap 12.0.11 A Stored Cross-Site Scripting (XSS) vulnerability was discovered in ProjectGeneral/edit_project_settings.php in REDCap 12.0.11. network low complexity vanderbilt CWE-79	5.4
2022-04-13	CVE-2021-42136	Cross-site Scripting vulnerability in Vanderbilt Redcap A stored Cross-Site Scripting (XSS) vulnerability in the Missing Data Codes functionality of REDCap before 11.4.0 allows remote attackers to execute JavaScript code in the client's browser by storing said code as a Missing Data Code value. network low complexity vanderbilt CWE-79 critical	9.0
2021-01-12	CVE-2020-26713	Cross-site Scripting vulnerability in Vanderbilt Redcap 10.0.20/10.3.4 REDCap 10.3.4 contains a XSS vulnerability in the ToDoList function with parameter sort. network low complexity vanderbilt CWE-79	6.1
2021-01-12	CVE-2020-26712	SQL Injection vulnerability in Vanderbilt Redcap 10.0.20/10.3.4 REDCap 10.3.4 contains a SQL injection vulnerability in the ToDoList function via sort parameter. network low complexity vanderbilt CWE-89 critical	9.8
2020-11-02	CVE-2020-27358	Incorrect Default Permissions vulnerability in Vanderbilt Redcap An issue was discovered in REDCap 8.11.6 through 9.x before 10. network low complexity vanderbilt CWE-276	4.3
2019-11-22	CVE-2014-6311	Use of Insufficiently Random Values vulnerability in multiple products generate_doygen.pl in ace before 6.2.7+dfsg-2 creates predictable file names in the /tmp directory which allows attackers to gain elevated privileges. network low complexity vanderbilt debian CWE-330 critical	9.8
2019-10-04	CVE-2019-17121	Cross-site Scripting vulnerability in Vanderbilt Redcap REDCap before 9.3.4 has XSS on the Customize & Manage Locking/E-signatures page via Lock Record Custom Text values. network low complexity vanderbilt CWE-79	5.4
2019-08-21	CVE-2019-15127	Cross-site Scripting vulnerability in Vanderbilt Redcap REDCap before 9.3.0 allows XSS attacks against non-administrator accounts on the Data Import Tool page via a CSV data import file. network low complexity vanderbilt CWE-79	5.4
2019-08-17	CVE-2019-14937	SQL Injection vulnerability in Vanderbilt Redcap REDCap before 9.3.0 allows time-based SQL injection in the edit calendar event via the cal_id parameter, such as cal_id=55 and sleep(3) to Calendar/calendar_popup_ajax.php. network high complexity vanderbilt CWE-89	7.5

Vulnerabilities > Vanderbilt {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Vanderbilt"}]}

Vulnerabilities > Vanderbilt