
CVSS: 5.5 • EPSS: 0% • CPEs: 1 • EXPL: 1

07 Sep 2023 — A stored cross-site scripting (XSS) vulnerability in the new REDCap project creation function of Vanderbilt REDCap 13.1.35 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the project title parameter. • http://redcap.com • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 3.3 • EPSS: 0% • CPEs: 2 • EXPL: 1

25 Jul 2023 — REDCap 12.0.26 LTS and 12.3.2 Standard allows SQL Injection via scheduling, repeatforms, purpose, app_title, or randomization. • https://trustwave.com • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 6.4 • EPSS: 0% • CPEs: 2 • EXPL: 1

12 Oct 2022 — A reflected XSS vulnerability exists in REDCap before 12.04.18 in the Alerts & Notifications upload feature. A crafted CSV file will, when uploaded, trigger arbitrary JavaScript code execution. • https://github.com/uclahs-secops/security-research/tree/main/reports/20221011-recap-xss • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 9.0 • EPSS: 15% • CPEs: 1 • EXPL: 3

13 Apr 2022 — A stored Cross-Site Scripting (XSS) vulnerability in the Missing Data Codes functionality of REDCap before 11.4.0 allows remote attackers to execute JavaScript code in the client's browser by storing said code as a Missing Data Code value. This can then be leveraged to execute a Cross-Site Request Forgery attack to escalate privileges to administrator. • https://packetstorm.news/files/id/166723 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 5.4 • EPSS: 0% • CPEs: 1 • EXPL: 0

04 Oct 2019 — REDCap before 9.3.4 has XSS on the Customize & Manage Locking/E-signatures page via Lock Record Custom Text values. • https://www.evms.edu/research/resources_services/redcap/redcap_change_log • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 5.4 • EPSS: 0% • CPEs: 1 • EXPL: 0

21 Aug 2019 — REDCap before 9.3.0 allows XSS attacks against non-administrator accounts on the Data Import Tool page via a CSV data import file. • https://www.evms.edu/research/resources_services/redcap/redcap_change_log • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 0

18 Jul 2017 — REDCap before 7.5.1 has XSS via the query string. • https://community.projectredcap.org/articles/13/changelog-standard-release.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 8.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

18 Jul 2017 — REDCap before 7.5.1 has CSRF in the deletion feature of the File Repository and File Upload components. • https://community.projectredcap.org/articles/13/changelog-standard-release.html • CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 10.0 • EPSS: 0% • CPEs: 19 • EXPL: 0

17 Jun 2013 — Unspecified vulnerability in the Data Search utility in data-entry forms in REDCap before 5.0.3 and 5.1.x before 5.1.2 has unknown impact and remote attack vectors. • http://ctsi.psu.edu/wp-content/uploads/2013/03/REDCap-Release-Notes-Version5.pdf

CVSS: 10.0 • EPSS: 0% • CPEs: 21 • EXPL: 0

17 Jun 2013 — Multiple unspecified vulnerabilities in REDCap before 5.1.1 allow remote attackers to have an unknown impact via vectors involving (1) the Online Designer page or (2) the Manage Survey Participants page. • http://ctsi.psu.edu/wp-content/uploads/2013/03/REDCap-Release-Notes-Version5.pdf