Filtered by vendor Vanderbilt
Subscriptions
Total
25 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2022-42715 | 1 Vanderbilt | 1 Redcap | 2024-08-03 | 6.1 Medium |
A reflected XSS vulnerability exists in REDCap before 12.04.18 in the Alerts & Notifications upload feature. A crafted CSV file will, when uploaded, trigger arbitrary JavaScript code execution. | ||||
CVE-2022-24127 | 1 Vanderbilt | 1 Redcap | 2024-08-03 | 5.4 Medium |
A Stored Cross-Site Scripting (XSS) vulnerability was discovered in ProjectGeneral/edit_project_settings.php in REDCap 12.0.11. This issue allows any user with project management permissions to inject arbitrary code into the project title (app_title) field when editing an existing project. The payload is then reflected within the title tag of the page. | ||||
CVE-2022-24004 | 1 Vanderbilt | 1 Redcap | 2024-08-03 | 5.4 Medium |
A Stored Cross-Site Scripting (XSS) vulnerability was discovered in Messenger/messenger_ajax.php in REDCap 12.0.11. This issue allows any authenticated user to inject arbitrary code into the messenger title (aka new_title) field when editing an existing conversation. The payload executes in the browser of any conversation participant with the sidebar shown. | ||||
CVE-2023-37798 | 1 Vanderbilt | 1 Redcap | 2024-08-02 | 5.4 Medium |
A stored cross-site scripting (XSS) vulnerability in the new REDCap project creation function of Vanderbilt REDCap 13.1.35 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the project title parameter. | ||||
CVE-2023-37361 | 1 Vanderbilt | 1 Redcap | 2024-08-02 | 2.7 Low |
REDCap 12.0.26 LTS and 12.3.2 Standard allows SQL Injection via scheduling, repeatforms, purpose, app_title, or randomization. |