Lucene search
+L

80 matches found

RedhatCVE
RedhatCVE
added 2025/06/12 12:18 a.m.5 views

CVE-2024-37395

A stored cross-site scripting XSS vulnerability in the Public Survey function of REDCap 13.1.9 allows authenticated users to execute arbitrary web script or HTML by injecting a crafted payload into the 'Survey Title' and 'Survey Instructions' fields. This vulnerability could be exploited by...

5.4CVSS5.2AI score0.00352EPSS
Exploits3References1
NVD
NVD
added 2025/06/10 6:15 p.m.10 views

CVE-2024-37394

A stored cross-site scripting XSS vulnerability in the Project Dashboards of REDCap 13.1.9 allows authenticated users to execute arbitrary web script or HTML by injecting a crafted payload into the 'Dashboard title' and 'Dashboard content' text boxes. This can lead to the execution of malicious...

5.4CVSS0.00409EPSS
Exploits3References3
NVD
NVD
added 2025/06/10 6:15 p.m.29 views

CVE-2024-37396

A stored cross-site scripting XSS vulnerability in the Calendar function of REDCap 13.1.9 allows authenticated users to execute arbitrary web script or HTML by injecting a crafted payload into the 'Notes' field of a calendar event. This could lead to the execution of malicious scripts when the...

5.4CVSS0.00409EPSS
Exploits3References3
CVE
CVE
added 2025/06/10 12:0 a.m.65 views

CVE-2024-37395

REDCap 13.1.9.x stores XSS in the Public Survey page: authenticated users can inject scripts via the Survey Title and Survey Instructions. The vulnerability triggers when the survey is accessed via its public link. Remediation is to update to 14.2.1 or later (per the CVE description). The connect...

5.4CVSS5.3AI score0.00409EPSS
Exploits3References3Affected Software1
Cvelist
Cvelist
added 2025/06/10 12:0 a.m.23 views

CVE-2024-37394

A stored cross-site scripting XSS vulnerability in the Project Dashboards of REDCap 13.1.9 allows authenticated users to execute arbitrary web script or HTML by injecting a crafted payload into the 'Dashboard title' and 'Dashboard content' text boxes. This can lead to the execution of malicious...

0.00409EPSS
Exploits3References3
Cvelist
Cvelist
added 2025/06/10 12:0 a.m.13 views

CVE-2024-37395

A stored cross-site scripting XSS vulnerability in the Public Survey function of REDCap 13.1.9 allows authenticated users to execute arbitrary web script or HTML by injecting a crafted payload into the 'Survey Title' and 'Survey Instructions' fields. This vulnerability could be exploited by...

0.00352EPSS
Exploits3References3
Positive Technologies
Positive Technologies
added 2025/06/10 12:0 a.m.6 views

PT-2025-24818 · Redcap · Redcap

Name of the Vulnerable Software and Affected Versions: REDCap version 13.1.9 Description: A stored cross-site scripting XSS issue in the Calendar function allows authenticated users to execute arbitrary web script or HTML by injecting a crafted payload into the Notes field of a calendar event. Th...

5.4CVSS5.4AI score0.00409EPSS
Exploits3References5
Vulnrichment
Vulnrichment
added 2025/06/10 12:0 a.m.4 views

CVE-2024-37396

A stored cross-site scripting XSS vulnerability in the Calendar function of REDCap 13.1.9 allows authenticated users to execute arbitrary web script or HTML by injecting a crafted payload into the 'Notes' field of a calendar event. This could lead to the execution of malicious scripts when the...

5.7AI score0.00409EPSS
Exploits3References3
CVE
CVE
added 2025/06/10 12:0 a.m.60 views

CVE-2024-37394

CVE-2024-37394 (REDCap) : A stored XSS in REDCap 13.1.9 affects the Project Dashboards, allowing authenticated users to inject payloads into the Dashboard title and content. Exploitation leads to execution of malicious scripts when the dashboard is viewed. Red Hat CVE records mirror this issue fo...

5.4CVSS5.7AI score0.00409EPSS
Exploits3References3Affected Software1
RedhatCVE
RedhatCVE
added 2025/05/23 11:35 a.m.10 views

CVE-2025-23110

An issue was discovered in REDCap 14.9.6. A Reflected cross-site scripting XSS vulnerability in the email-subject field exists while performing an upload of a CSV file containing a list of alert configurations. An attacker can send the victim a CSV file containing the XSS payload in the...

6.1CVSS5.1AI score0.00278EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 10:24 a.m.13 views

CVE-2024-45527

REDCap 14.7.0 allows HTML injection via the project title of a New Project action. This can lead to resultant logout CSRF via index.php?logout=1, and can also be used to insert a link to an external phishing website...

6.1CVSS7AI score0.00185EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:1 a.m.6 views

CVE-2024-56314

A stored cross-site scripting XSS vulnerability in the Project name of REDCap through 14.9.6 allows authenticated users to inject malicious scripts into the name field of a Project. When a user clicks on the project name to access it, the crafted payload is executed, potentially enabling the...

5.4CVSS5.5AI score0.00386EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:1 a.m.8 views

CVE-2024-56312

A stored cross-site scripting XSS vulnerability in the Project Dashboard name of REDCap through 14.9.6 allows authenticated users to inject malicious scripts into the name field of a Project Dashboard. When a user clicks on the project Dashboard name, the crafted payload is executed, potentially...

5.4CVSS5.5AI score0.00386EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 5:33 p.m.13 views

CVE-2020-27359

A cross-site scripting XSS issue in REDCap 8.11.6 through 9.x before 10 allows attackers to inject arbitrary JavaScript or HTML in the Messenger feature. It was found that the filename of the image or file attached in a message could be used to perform this XSS attack. A user could craft a messag...

5.4CVSS5.2AI score0.00801EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/22 5:1 p.m.8 views

CVE-2020-26712

REDCap 10.3.4 contains a SQL injection vulnerability in the ToDoList function via sort parameter. The application uses the addition of a string of information from the submitted user that is not validated well in the database query, resulting in an SQL injection vulnerability where an attacker ca...

10CVSS7.6AI score0.0211EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/22 3:25 p.m.11 views

CVE-2020-27358

An issue was discovered in REDCap 8.11.6 through 9.x before 10. The messenger's CSV feature that allows users to export their conversation threads as CSV allows non-privileged users to export one another's conversation threads by changing the threadid parameter in the request to the endpoint...

4.3CVSS6.8AI score0.02031EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/22 5:26 a.m.9 views

CVE-2013-4610

Unspecified vulnerability in the Data Search utility in data-entry forms in REDCap before 5.0.3 and 5.1.x before 5.1.2 has unknown impact and remote attack vectors...

10CVSS7.4AI score0.01743EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 5:20 a.m.6 views

CVE-2012-6564

Cross-site scripting XSS vulnerability in REDCap before 4.14.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

4.3CVSS6AI score0.01374EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:55 a.m.10 views

CVE-2013-4608

Cross-site scripting XSS vulnerability in REDCap before 5.0.6 allows remote attackers to inject arbitrary web script or HTML via vectors involving the Graphical Data View & Descriptive Stats page...

4.3CVSS5.8AI score0.01214EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:31 a.m.8 views

CVE-2019-14937

REDCap before 9.3.0 allows time-based SQL injection in the edit calendar event via the calid parameter, such as calid=55 and sleep3 to Calendar/calendarpopupajax.php. The attacker can obtain a user's login sessionid from the database, and then re-login into REDCap to compromise all data...

7.5CVSS7.9AI score0.01404EPSS
Exploits1References1
Rows per page
Query Builder