Vulnerabilities > Vanderbilt > Critical

DATE CVE VULNERABILITY TITLE RISK
2022-04-13 CVE-2021-42136 Cross-site Scripting vulnerability in Vanderbilt Redcap
A stored Cross-Site Scripting (XSS) vulnerability in the Missing Data Codes functionality of REDCap before 11.4.0 allows remote attackers to execute JavaScript code in the client's browser by storing said code as a Missing Data Code value.
network
low complexity
vanderbilt CWE-79
critical
 9.0
9.0
2021-01-12 CVE-2020-26712 SQL Injection vulnerability in Vanderbilt Redcap 10.0.20/10.3.4
REDCap 10.3.4 contains a SQL injection vulnerability in the ToDoList function via sort parameter.
network
low complexity
vanderbilt CWE-89
critical
 9.8
9.8
2019-11-22 CVE-2014-6311 Use of Insufficiently Random Values vulnerability in multiple products
generate_doygen.pl in ace before 6.2.7+dfsg-2 creates predictable file names in the /tmp directory which allows attackers to gain elevated privileges.
network
low complexity
vanderbilt debian CWE-330
critical
 9.8
9.8