Vulnerabilities > Vanderbilt > Low
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-07-25 | CVE-2023-37361 | SQL Injection vulnerability in Vanderbilt Redcap REDCap 12.0.26 LTS and 12.3.2 Standard allows SQL Injection via scheduling, repeatforms, purpose, app_title, or randomization. | 2.7 |
2022-06-15 | CVE-2022-24127 | Cross-site Scripting vulnerability in Vanderbilt Redcap 12.0.11 A Stored Cross-Site Scripting (XSS) vulnerability was discovered in ProjectGeneral/edit_project_settings.php in REDCap 12.0.11. | 3.5 |
2022-06-15 | CVE-2022-24004 | Cross-site Scripting vulnerability in Vanderbilt Redcap 12.0.11 A Stored Cross-Site Scripting (XSS) vulnerability was discovered in Messenger/messenger_ajax.php in REDCap 12.0.11. | 3.5 |
2022-04-13 | CVE-2021-42136 | Cross-site Scripting vulnerability in Vanderbilt Redcap A stored Cross-Site Scripting (XSS) vulnerability in the Missing Data Codes functionality of REDCap before 11.4.0 allows remote attackers to execute JavaScript code in the client's browser by storing said code as a Missing Data Code value. | 3.5 |
2019-10-04 | CVE-2019-17121 | Cross-site Scripting vulnerability in Vanderbilt Redcap REDCap before 9.3.4 has XSS on the Customize & Manage Locking/E-signatures page via Lock Record Custom Text values. | 3.5 |
2019-08-21 | CVE-2019-15127 | Cross-site Scripting vulnerability in Vanderbilt Redcap REDCap before 9.3.0 allows XSS attacks against non-administrator accounts on the Data Import Tool page via a CSV data import file. | 3.5 |
2019-07-11 | CVE-2019-13029 | Cross-site Scripting vulnerability in Vanderbilt Redcap Multiple stored Cross-site scripting (XSS) issues in the admin panel and survey system in REDCap 8 before 8.10.20 and 9 before 9.1.2 allow an attacker to inject arbitrary malicious HTML or JavaScript code into a user's web browser. | 3.5 |
2013-06-17 | CVE-2012-6565 | Cross-Site Scripting vulnerability in Vanderbilt Redcap 4.14.0/4.14.1/4.14.2 Cross-site scripting (XSS) vulnerability in REDCap before 4.14.3 allows remote authenticated users to inject arbitrary web script or HTML via uppercase characters in JavaScript events within user-defined labels. | 3.5 |