Filtered by vendor Vanderbilt
Subscriptions
Filtered by product Redcap
Subscriptions
Total
24 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-24127 | 1 Vanderbilt | 1 Redcap | 2024-08-03 | 5.4 Medium |
| A Stored Cross-Site Scripting (XSS) vulnerability was discovered in ProjectGeneral/edit_project_settings.php in REDCap 12.0.11. This issue allows any user with project management permissions to inject arbitrary code into the project title (app_title) field when editing an existing project. The payload is then reflected within the title tag of the page. | ||||
| CVE-2022-24004 | 1 Vanderbilt | 1 Redcap | 2024-08-03 | 5.4 Medium |
| A Stored Cross-Site Scripting (XSS) vulnerability was discovered in Messenger/messenger_ajax.php in REDCap 12.0.11. This issue allows any authenticated user to inject arbitrary code into the messenger title (aka new_title) field when editing an existing conversation. The payload executes in the browser of any conversation participant with the sidebar shown. | ||||
| CVE-2023-37798 | 1 Vanderbilt | 1 Redcap | 2024-08-02 | 5.4 Medium |
| A stored cross-site scripting (XSS) vulnerability in the new REDCap project creation function of Vanderbilt REDCap 13.1.35 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the project title parameter. | ||||
| CVE-2023-37361 | 1 Vanderbilt | 1 Redcap | 2024-08-02 | 2.7 Low |
| REDCap 12.0.26 LTS and 12.3.2 Standard allows SQL Injection via scheduling, repeatforms, purpose, app_title, or randomization. | ||||