Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

326 matches found

Prion
Prionadded 2023/07/25 1:15 a.m.20 views

Sql injection

REDCap 12.0.26 LTS and 12.3.2 Standard allows SQL Injection via scheduling, repeatforms, purpose, apptitle, or randomization...

3.3CVSS5.2AI score0.00513EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichmentadded 2023/07/25 12:0 a.m.12 views

CVE-2023-37361

REDCap 12.0.26 LTS and 12.3.2 Standard allows SQL Injection via scheduling, repeatforms, purpose, apptitle, or randomization...

8.2AI score0.00513EPSS
Exploits1References2
Cvelist
Cvelistadded 2023/07/25 12:0 a.m.16 views

CVE-2023-37361

REDCap 12.0.26 LTS and 12.3.2 Standard allows SQL Injection via scheduling, repeatforms, purpose, apptitle, or randomization...

5.2AI score0.00513EPSS
Exploits1References2
Positive Technologies
Positive Technologiesadded 2023/07/25 12:0 a.m.4 views

PT-2023-25931 · Redcap · Redcap

Name of the Vulnerable Software and Affected Versions: REDCap versions 12.0.26 through 12.3.2 Description: The issue allows SQL Injection via parameters such as scheduling, repeatforms, purpose, app title, or randomization. Recommendations: For versions 12.0.26 and 12.3.2, consider restricting...

2.7CVSS4.5AI score0.00513EPSS
Exploits1References5
CVE
CVEadded 2023/07/25 12:0 a.m.58 views

CVE-2023-37361

CVE-2023-37361 affects REDCap versions 12.0.26 LTS and 12.3.2 Standard. The vulnerability is a SQL injection coming from specific parameters (scheduling, repeatforms, purpose, app_title, randomization) used in various function points, potentially enabling unauthorized data access or manipulation ...

2.7CVSS5.2AI score0.00513EPSS
Exploits1References2Affected Software1
SUSE CVE
SUSE CVEadded 2023/02/15 4:43 a.m.2 views

SUSE CVE-2017-10961

REDCap before 7.5.1 has CSRF in the deletion feature of the File Repository and File Upload components...

8.8CVSS7AI score0.00563EPSS
Exploits0References3
SUSE CVE
SUSE CVEadded 2023/02/15 4:43 a.m.3 views

SUSE CVE-2017-10962

REDCap before 7.5.1 has XSS via the query string...

6.1CVSS6AI score0.00639EPSS
Exploits0References3
OSV
OSVadded 2022/10/12 1:15 p.m.3 views

CVE-2022-42715

A reflected XSS vulnerability exists in REDCap before 12.04.18 in the Alerts & Notifications upload feature. A crafted CSV file will, when uploaded, trigger arbitrary JavaScript code execution...

6.1CVSS6AI score
Exploits0References3
NVD
NVDadded 2022/10/12 1:15 p.m.11 views

CVE-2022-42715

A reflected XSS vulnerability exists in REDCap before 12.04.18 in the Alerts & Notifications upload feature. A crafted CSV file will, when uploaded, trigger arbitrary JavaScript code execution...

6.1CVSS0.00698EPSS
Exploits1References3
Prion
Prionadded 2022/10/12 1:15 p.m.13 views

Cross site scripting

A reflected XSS vulnerability exists in REDCap before 12.04.18 in the Alerts & Notifications upload feature. A crafted CSV file will, when uploaded, trigger arbitrary JavaScript code execution...

5.8CVSS6.2AI score0.00698EPSS
Exploits1References3Affected Software1
CVE
CVEadded 2022/10/12 12:0 a.m.56 views

CVE-2022-42715

Affected software: REDCap (prior to 12.04.18). Vulnerability: Reflected XSS in the Alerts & Notifications upload feature. A crafted CSV file can cause arbitrary JavaScript execution in the user’s browser. Root cause / scope: Unclear from provided docs beyond the XSS result via CSV upload; the iss...

6.1CVSS6.2AI score0.00698EPSS
Exploits1References3Affected Software1
CNNVD
CNNVDadded 2022/10/12 12:0 a.m.4 views

REDCap 跨站脚本漏洞

REDCap is a data collection and management web application. A security vulnerability exists in versions of REDCap prior to 12.04.18, which stems from its Alerts & Notifications upload feature that allows an attacker to upload a carefully crafted CSV file to achieve reflective cross-site scripting...

6.1CVSS6.3AI score0.00698EPSS
Exploits1References4
Vulnrichment
Vulnrichmentadded 2022/10/12 12:0 a.m.5 views

CVE-2022-42715

A reflected XSS vulnerability exists in REDCap before 12.04.18 in the Alerts & Notifications upload feature. A crafted CSV file will, when uploaded, trigger arbitrary JavaScript code execution...

6.3AI score0.00698EPSS
Exploits1References3
Positive Technologies
Positive Technologiesadded 2022/10/12 12:0 a.m.5 views

PT-2022-26515 · Redcap · Redcap

Name of the Vulnerable Software and Affected Versions: REDCap versions prior to 12.04.18 Description: A reflected XSS issue exists in the Alerts & Notifications upload feature, allowing arbitrary JavaScript code execution when a crafted CSV file is uploaded. Recommendations: For versions prior to...

6.1CVSS6.3AI score0.00698EPSS
Exploits1References6
Cvelist
Cvelistadded 2022/10/12 12:0 a.m.20 views

CVE-2022-42715

A reflected XSS vulnerability exists in REDCap before 12.04.18 in the Alerts & Notifications upload feature. A crafted CSV file will, when uploaded, trigger arbitrary JavaScript code execution...

6.4AI score0.00698EPSS
Exploits1References3
OSV
OSVadded 2022/06/15 7:15 p.m.3 views

CVE-2022-24127

A Stored Cross-Site Scripting XSS vulnerability was discovered in ProjectGeneral/editprojectsettings.php in REDCap 12.0.11. This issue allows any user with project management permissions to inject arbitrary code into the project title apptitle field when editing an existing project. The payload i...

5.4CVSS6AI score0.00656EPSS
Exploits2References2
ATTACKERKB
ATTACKERKBadded 2022/06/15 7:15 p.m.2 views

CVE-2022-24004

A Stored Cross-Site Scripting XSS vulnerability was discovered in Messenger/messengerajax.php in REDCap 12.0.11. This issue allows any authenticated user to inject arbitrary code into the messenger title aka newtitle field when editing an existing conversation. The payload executes in the browser...

5.4CVSS5.8AI score0.00656EPSS
Exploits2References3
ATTACKERKB
ATTACKERKBadded 2022/06/15 7:15 p.m.2 views

CVE-2022-24127

A Stored Cross-Site Scripting XSS vulnerability was discovered in ProjectGeneral/editprojectsettings.php in REDCap 12.0.11. This issue allows any user with project management permissions to inject arbitrary code into the project title apptitle field when editing an existing project. The payload i...

5.4CVSS5.8AI score0.00656EPSS
Exploits2References3
NVD
NVDadded 2022/06/15 7:15 p.m.10 views

CVE-2022-24004

A Stored Cross-Site Scripting XSS vulnerability was discovered in Messenger/messengerajax.php in REDCap 12.0.11. This issue allows any authenticated user to inject arbitrary code into the messenger title aka newtitle field when editing an existing conversation. The payload executes in the browser...

5.4CVSS0.00652EPSS
Exploits1References2
OSV
OSVadded 2022/06/15 7:15 p.m.5 views

CVE-2022-24004

A Stored Cross-Site Scripting XSS vulnerability was discovered in Messenger/messengerajax.php in REDCap 12.0.11. This issue allows any authenticated user to inject arbitrary code into the messenger title aka newtitle field when editing an existing conversation. The payload executes in the browser...

5.4CVSS6AI score0.00656EPSS
Exploits2References2
Rows per page
Query Builder