16 matches found
CVE-2023-38825
SQL injection vulnerability in Vanderbilt REDCap before v.13.8.0 allows a remote attacker to obtain sensitive information via the password reset mechanism in MyCapMobileApp/update.php...
CVE-2023-37798
A stored cross-site scripting XSS vulnerability in the new REDCap project creation function of Vanderbilt REDCap 13.1.35 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the project title parameter...
CVE-2023-38825
SQL injection vulnerability in Vanderbilt REDCap before v.13.8.0 allows a remote attacker to obtain sensitive information via the password reset mechanism in MyCapMobileApp/update.php...
CVE-2023-38825
SQL injection vulnerability in Vanderbilt REDCap before v.13.8.0 allows a remote attacker to obtain sensitive information via the password reset mechanism in MyCapMobileApp/update.php...
CVE-2023-38825
SQL injection vulnerability in Vanderbilt REDCap before v.13.8.0 allows a remote attacker to obtain sensitive information via the password reset mechanism in MyCapMobileApp/update.php...
Sql injection
SQL injection vulnerability in Vanderbilt REDCap before v.13.8.0 allows a remote attacker to obtain sensitive information via the password reset mechanism in MyCapMobileApp/update.php...
CVE-2023-38825
Summary: CVE-2023-38825 is a SQL injection vulnerability in Vanderbilt REDCap prior to v13.8.0, exposed via the MyCapMobileApp/update.php password-reset endpoint. Affected software: Vanderbilt REDCap (pre-13.8.0). Root cause/impact: improper input handling in the password-reset path allows a remo...
CVE-2023-38825
SQL injection vulnerability in Vanderbilt REDCap before v.13.8.0 allows a remote attacker to obtain sensitive information via the password reset mechanism in MyCapMobileApp/update.php...
CVE-2023-38825
SQL injection vulnerability in Vanderbilt REDCap before v.13.8.0 allows a remote attacker to obtain sensitive information via the password reset mechanism in MyCapMobileApp/update.php...
PT-2024-12765 · Vanderbilt · Redcap
Name of the Vulnerable Software and Affected Versions: Vanderbilt REDCap versions prior to 13.8.0 Description: A SQL injection issue allows a remote attacker to obtain sensitive information via the password reset mechanism in the MyCapMobileApp/update.php endpoint, specifically through the passwo...
CVE-2023-37798
A stored cross-site scripting XSS vulnerability in the new REDCap project creation function of Vanderbilt REDCap 13.1.35 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the project title parameter...
CVE-2023-37798
A stored cross-site scripting XSS vulnerability in the new REDCap project creation function of Vanderbilt REDCap 13.1.35 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the project title parameter...
Cross site scripting
A stored cross-site scripting XSS vulnerability in the new REDCap project creation function of Vanderbilt REDCap 13.1.35 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the project title parameter...
CVE-2023-37798
Vanderbilt REDCap 13.1.35 is affected by a stored XSS in the new project creation function, exploitable via the project title parameter. Root cause: insufficient input sanitization in the project title field leading to arbitrary script/HTML execution. Impact: potential arbitrary script execution ...
PT-2023-26113 · Vanderbilt · Redcap
Name of the Vulnerable Software and Affected Versions: Vanderbilt REDCap version 13.1.35 Description: A stored cross-site scripting XSS vulnerability in the new REDCap project creation function allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the...
REDCap Cross-Site Scripting Vulnerability
REDCap is a data collection and management web application. A security vulnerability exists in Vanderbilt REDCap version 13.1.35. An attacker can exploit this vulnerability to execute arbitrary web script or HTML by injecting a specially crafted payload into the item header parameter...