Vulnerabilities > Vanderbilt > Redcap > 12.4.18
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-03-21 | CVE-2023-38825 | SQL Injection vulnerability in Vanderbilt Redcap SQL injection vulnerability in Vanderbilt REDCap before v.13.8.0 allows a remote attacker to obtain sensitive information via the password reset mechanism in MyCapMobileApp/update.php. | 6.5 |
| 2023-09-07 | CVE-2023-37798 | Cross-site Scripting vulnerability in Vanderbilt Redcap A stored cross-site scripting (XSS) vulnerability in the new REDCap project creation function of Vanderbilt REDCap 13.1.35 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the project title parameter. | 5.4 |