Page 2 of 17 results (0.002 seconds)

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0

REDCap before 9.3.0 allows XSS attacks against non-administrator accounts on the Data Import Tool page via a CSV data import file. REDCap anterior a la versión 9.3.0 permite ataques XSS contra cuentas que no son de administrador en la página Herramienta de importación de datos a través de un archivo de importación de datos CSV. • https://www.evms.edu/research/resources_services/redcap/redcap_change_log • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0

REDCap before 7.5.1 has CSRF in the deletion feature of the File Repository and File Upload components. REDCap anterior a versión 7.5.1, presenta un problema de tipo CSRF en la función deletion de los componentes File Repository y File Upload. • https://community.projectredcap.org/articles/13/changelog-standard-release.html https://gist.github.com/jordanpotti/fef4f1ada404d5ba7f88ab42e93cdaae • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

REDCap before 7.5.1 has XSS via the query string. REDCap anterior a versión 7.5.1, presenta un problema de tipo XSS por medio de la cadena de consulta. • https://community.projectredcap.org/articles/13/changelog-standard-release.html https://gist.github.com/jordanpotti/fef4f1ada404d5ba7f88ab42e93cdaae • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0

Cross-site scripting (XSS) vulnerability in REDCap before 4.14.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad Cross-site scripting (XSS) en REDCap anterior a v4.14.2 permite a atacantes remotos a inyectar secuencias de comandos Web o HTML a través de vectores no especificados. • http://ctsi.psu.edu/wp-content/uploads/2013/03/REDCap-Release-Notes-Version5.pdf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0

REDCap before 4.14.0 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the logic of a custom rule. REDCap anterior a v4.14.0 permite a usuarios remotos autenticados ejecutar código arbitrario a través de metacaracteres de shell en la lógica de una regla personalizada • http://ctsi.psu.edu/wp-content/uploads/2013/03/REDCap-Release-Notes-Version5.pdf • CWE-20: Improper Input Validation •