CVE-2019-17121
CVE-2019-17121 affects REDCap prior to 9.3.4 and involves an XSS vulnerability on the "Customize & Manage Locking/E-signatures" page triggered through Lock Record Custom Text values. The description in the sources confirms the issue but does not provide details on root cause, affected modules bey...
CVE-2019-15127
REDCap before 9.3.0 allows XSS attacks against non-administrator accounts on the Data Import Tool page via a CSV data import file...
Cross site scripting
REDCap before 9.3.0 allows XSS attacks against non-administrator accounts on the Data Import Tool page via a CSV data import file...
CVE-2019-15127
CVE-2019-15127 affects REDCap prior to 9.3.0. The issue is an XSS vulnerability on the Data Import Tool page, exploitable by a CSV data import file and affecting non-administrator accounts. The description in public records does not specify the underlying root cause or CVE exploit vectors beyond ...
CVE-2019-14937
REDCap before 9.3.0 allows time-based SQL injection in the edit calendar event via the cal_id parameter, such as cal_id=55 and sleep(3) to Calendar/calendar_popup_ajax.php. The attacker can obtain a user's login sessionid from the database, and then re-login into REDCap to compromise all data...
SQL injection
REDCap before 9.3.0 allows time-based SQL injection in the edit calendar event via the cal_id parameter, such as cal_id=55 and sleep(3) to Calendar/calendar_popup_ajax.php. The attacker can obtain a user's login sessionid from the database, and then re-login into REDCap to compromise all data...
CVE-2019-14937
REDCap before 9.3.0 is affected by a time-based SQL injection in the edit calendar event via cal_id (example cal_id=55 with sleep(3) in Calendar/calendar_popup_ajax.php). The vulnerability could allow an attacker to obtain a user’s login sessionid and re-login to compromise all data. The issue is...
REDCap 9.1.2 - Cross-Site Scripting
REDCap 9.1.2 - Cross-Site Scripting Exploit Title: REDCap - Details: Since it is an onkeypress event, it is triggered whenever the user touches any key and since the XSS payload is stored in the project name it appears in several pages. - Privileges: It requires admin privileges to store it. -...
REDCap < 9.1.2 - Cross-Site Scripting
Exploit Title: REDCap - Details: Since it is an onkeypress event, it is triggered whenever the user touches any key and since the XSS payload is stored in the project name it appears in several pages. - Privileges: It requires admin privileges to store it. - Location example:...
REDCap Cross Site Scripting
Exploit Title: REDCap - Details: Since it is an onkeypress event, it is triggered whenever the user touches any key and since the XSS payload is stored in the project name it appears in several pages. - Privileges: It requires admin privileges to store it. - Location example:...
REDCap < 9.1.2 - Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: REDCap - Details: Since it is an onkeypress event, it is triggered whenever the user touches any key and since the XSS payload is stored in the project name it appears in several pages. - Privileges: It requires admin privileges t...
CVE-2019-13029
Multiple stored Cross-site scripting (XSS) issues in the admin panel and survey system in REDCap 8 before 8.10.20 and 9 before 9.1.2 allow an attacker to inject arbitrary malicious HTML or JavaScript code into a user's web browser...
Cross site scripting
Multiple stored Cross-site scripting (XSS) issues in the admin panel and survey system in REDCap 8 before 8.10.20 and 9 before 9.1.2 allow an attacker to inject arbitrary malicious HTML or JavaScript code into a user's web browser...
CVE-2019-13029
CVE-2019-13029 describes multiple stored XSS flaws in REDCap’s admin panel and survey system, affecting REDCap 8 prior to 8.10.20 and REDCap 9 prior to 9.1.2. The vulnerability allows an attacker with admin privileges to inject arbitrary HTML/JavaScript into a user’s browser, with the project nam...
REDCap SQL Injection Vulnerability
REDCap is a free, secure, web-based application sponsored by a multi-institutional consortium at Vanderbilt University, USA. It is designed to support data mining research. The file upload handler is one of the file upload applications. A SQL injection vulnerability exists in file upload handler in...