Vulnerabilities > Vanderbilt > Redcap > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-01-09 | CVE-2024-56376 | Cross-site Scripting vulnerability in Vanderbilt Redcap 14.9.6 A stored cross-site scripting (XSS) vulnerability in the built-in messenger of REDCap 14.9.6 allows authenticated users to inject malicious scripts into the message field. | 5.4 |
| 2025-01-09 | CVE-2024-56377 | Cross-site Scripting vulnerability in Vanderbilt Redcap 14.9.6 A stored cross-site scripting (XSS) vulnerability in survey titles of REDCap 14.9.6 allows authenticated users to inject malicious scripts into the Survey Title field or Survey Instructions. | 5.4 |
| 2023-09-07 | CVE-2023-37798 | Cross-site Scripting vulnerability in Vanderbilt Redcap A stored cross-site scripting (XSS) vulnerability in the new REDCap project creation function of Vanderbilt REDCap 13.1.35 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the project title parameter. | 5.4 |
| 2022-10-12 | CVE-2022-42715 | Cross-site Scripting vulnerability in Vanderbilt Redcap A reflected XSS vulnerability exists in REDCap before 12.04.18 in the Alerts & Notifications upload feature. | 6.1 |
| 2022-06-15 | CVE-2022-24004 | Cross-site Scripting vulnerability in Vanderbilt Redcap 12.0.11 A Stored Cross-Site Scripting (XSS) vulnerability was discovered in Messenger/messenger_ajax.php in REDCap 12.0.11. | 5.4 |
| 2022-06-15 | CVE-2022-24127 | Cross-site Scripting vulnerability in Vanderbilt Redcap 12.0.11 A Stored Cross-Site Scripting (XSS) vulnerability was discovered in ProjectGeneral/edit_project_settings.php in REDCap 12.0.11. | 5.4 |
| 2021-01-12 | CVE-2020-26713 | Cross-site Scripting vulnerability in Vanderbilt Redcap 10.0.20/10.3.4 REDCap 10.3.4 contains a XSS vulnerability in the ToDoList function with parameter sort. | 6.1 |
| 2020-11-02 | CVE-2020-27358 | Incorrect Default Permissions vulnerability in Vanderbilt Redcap An issue was discovered in REDCap 8.11.6 through 9.x before 10. | 4.3 |
| 2019-10-04 | CVE-2019-17121 | Cross-site Scripting vulnerability in Vanderbilt Redcap REDCap before 9.3.4 has XSS on the Customize & Manage Locking/E-signatures page via Lock Record Custom Text values. | 5.4 |
| 2019-08-21 | CVE-2019-15127 | Cross-site Scripting vulnerability in Vanderbilt Redcap REDCap before 9.3.0 allows XSS attacks against non-administrator accounts on the Data Import Tool page via a CSV data import file. | 5.4 |