Vulnerabilities > Vanderbilt > Redcap > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-04-13 | CVE-2021-42136 | Cross-site Scripting vulnerability in Vanderbilt Redcap A stored Cross-Site Scripting (XSS) vulnerability in the Missing Data Codes functionality of REDCap before 11.4.0 allows remote attackers to execute JavaScript code in the client's browser by storing said code as a Missing Data Code value. | 9.0 |
| 2021-01-12 | CVE-2020-26712 | SQL Injection vulnerability in Vanderbilt Redcap 10.0.20/10.3.4 REDCap 10.3.4 contains a SQL injection vulnerability in the ToDoList function via sort parameter. | 9.8 |