Vulnerabilities > Vanderbilt

DATE CVE VULNERABILITY TITLE RISK
2013-06-17 CVE-2013-4609 Permissions, Privileges, and Access Controls vulnerability in multiple products
REDCap before 5.0.4 and 5.1.x before 5.1.3 does not reject certain undocumented syntax within branching logic and calculations, which allows remote authenticated users to bypass intended access restrictions via (1) the Online Designer or (2) the Data Dictionary upload, as demonstrated by an eval call.
network
low complexity
project-redcap vanderbilt CWE-264
6.5
6.5
2013-06-17 CVE-2013-4608 Cross-Site Scripting vulnerability in multiple products
Cross-site scripting (XSS) vulnerability in REDCap before 5.0.6 allows remote attackers to inject arbitrary web script or HTML via vectors involving the Graphical Data View & Descriptive Stats page. 		4.3
4.3
2013-06-17 CVE-2012-6566 Cross-Site Scripting vulnerability in Vanderbilt Redcap 4.14.0/4.14.1
Cross-site scripting (XSS) vulnerability in REDCap before 4.14.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
vanderbilt CWE-79
4.3
4.3
2013-06-17 CVE-2012-6565 Cross-Site Scripting vulnerability in Vanderbilt Redcap 4.14.0/4.14.1/4.14.2
Cross-site scripting (XSS) vulnerability in REDCap before 4.14.3 allows remote authenticated users to inject arbitrary web script or HTML via uppercase characters in JavaScript events within user-defined labels.
network
vanderbilt CWE-79
3.5
3.5
2013-06-17 CVE-2012-6564 Cross-Site Scripting vulnerability in Vanderbilt Redcap
Cross-site scripting (XSS) vulnerability in REDCap before 4.14.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
vanderbilt CWE-79
4.3
4.3