Vulnerabilities > Vanderbilt > Redcap > 12.0.11
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-09-07 | CVE-2023-37798 | Cross-site Scripting vulnerability in Vanderbilt Redcap A stored cross-site scripting (XSS) vulnerability in the new REDCap project creation function of Vanderbilt REDCap 13.1.35 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the project title parameter. | 5.4 |
| 2023-07-25 | CVE-2023-37361 | SQL Injection vulnerability in Vanderbilt Redcap REDCap 12.0.26 LTS and 12.3.2 Standard allows SQL Injection via scheduling, repeatforms, purpose, app_title, or randomization. | 2.7 |
| 2022-10-12 | CVE-2022-42715 | Cross-site Scripting vulnerability in Vanderbilt Redcap A reflected XSS vulnerability exists in REDCap before 12.04.18 in the Alerts & Notifications upload feature. | 6.1 |
| 2022-06-15 | CVE-2022-24004 | Cross-site Scripting vulnerability in Vanderbilt Redcap 12.0.11 A Stored Cross-Site Scripting (XSS) vulnerability was discovered in Messenger/messenger_ajax.php in REDCap 12.0.11. | 3.5 |
| 2022-06-15 | CVE-2022-24127 | Cross-site Scripting vulnerability in Vanderbilt Redcap 12.0.11 A Stored Cross-Site Scripting (XSS) vulnerability was discovered in ProjectGeneral/edit_project_settings.php in REDCap 12.0.11. | 3.5 |