Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Redcap
(Vanderbilt)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 24 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2023-09-07 | CVE-2023-37798 | A stored cross-site scripting (XSS) vulnerability in the new REDCap project creation function of Vanderbilt REDCap 13.1.35 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the project title parameter. | Redcap | 5.4 | ||
| 2023-07-25 | CVE-2023-37361 | REDCap 12.0.26 LTS and 12.3.2 Standard allows SQL Injection via scheduling, repeatforms, purpose, app_title, or randomization. | Redcap | 2.7 | ||
| 2022-10-12 | CVE-2022-42715 | A reflected XSS vulnerability exists in REDCap before 12.04.18 in the Alerts & Notifications upload feature. A crafted CSV file will, when uploaded, trigger arbitrary JavaScript code execution. | Redcap | 6.1 | ||
| 2022-06-15 | CVE-2022-24004 | A Stored Cross-Site Scripting (XSS) vulnerability was discovered in Messenger/messenger_ajax.php in REDCap 12.0.11. This issue allows any authenticated user to inject arbitrary code into the messenger title (aka new_title) field when editing an existing conversation. The payload executes in the browser of any conversation participant with the sidebar shown. | Redcap | 5.4 |